Public Repositories

Commit Diff

Commit:: 809f6773455bd5876c46082b8a84990d87ad54dd
From:: Jeremy Jackson <jeremy.jackson089@gmail.com>
Date:: Sat Jun 7 21:00:28 2025 UTC
Message:: Use htmlspecialchars to sanitize search queries in the fanart section.
Actions:: Patch | Tree

commit - 7ff16aaf652293a7b61d3aa3c0e6fe402d2c39a3
commit + 809f6773455bd5876c46082b8a84990d87ad54dd
blob - 105055ad3398d7ecdfdf27dbbac24dd4304678cf
blob + 60e2baaee6d57ed3c84c230a2458ca3b482056f3
--- fanart/artist.php
+++ fanart/artist.php
@@ -3,7 +3,7 @@
 

 <?php 

    include('main-config.php');

-   $name = $_GET['name'];

+   $name = htmlspecialchars($_GET['name']);

    print "<title>$name's Art</title>";

    include('fanart-header.php');

    $mysqli = new mysqli("localhost", $rpgc_db_username, $rpgc_db_password);

blob - 7399ed22c2b5a6988a7d942ea17fbebdd31e2278
blob + 00ad6ef8e818777d620b44aea5869fe95c8ed3eb
--- fanart/section.php
+++ fanart/section.php
@@ -3,7 +3,7 @@
 

 <?php 

    include('main-config.php');

-   $section = $_GET['section'];

+   $section = htmlspecialchars($_GET['section']);

    if (strpos($section, 'Final Fantasy') !== FALSE)

    {   print '<title>Final Fantasy Art Page</title>';

        include('main-header.php');