xssClean $_POST vars

mattpass · mattpass · commit 4803eb2bac3b · 2014-06-27T08:52:26.000+01:00
diff --git a/lib/github-manager.php b/lib/github-manager.php
@@ -72,7 +72,7 @@
 
 		// Add the new one
 		if ($_POST['githubLocalPathNEW'] != "" && $_POST['githubRemotePathNEW'] != "") {
-			$settingsNew .= '"'.$_POST['githubLocalPathNEW'].'",';
+			$settingsNew .= '"'.xssClean($_POST['githubLocalPathNEW'],"html").'",';
 		}
 
 		// Then set all the old local paths
@@ -88,7 +88,7 @@
 
 		// Add the new one
 		if ($_POST['githubLocalPathNEW'] != "" && $_POST['githubRemotePathNEW'] != "") {
-			$settingsNew .= '"'.$_POST['githubRemotePathNEW'].'",';
+			$settingsNew .= '"'.xssClean($_POST['githubRemotePathNEW'],"html").'",';
 		}
 
 		// Then set all the old remote paths
@@ -113,7 +113,7 @@
 		// Redo the arrays using the form data
 		for ($i=0; $i<count($oldLocal); $i++) {
 			if ($_POST['githubLocalPath'.$i] != "") {
-				$settingsNew .= '"'.$_POST['githubLocalPath'.$i].'",';
+				$settingsNew .= '"'.xssClean($_POST['githubLocalPath'.$i],"html").'",';
 			}
 		}
 		// Rtrim off the last comma
@@ -126,7 +126,7 @@
 		// Redo the arrays using the form data
 		for ($i=0; $i<count($oldRemote); $i++) {
 			if ($_POST['githubRemotePath'.$i] != "") {
-				$settingsNew .= '"'.$_POST['githubRemotePath'.$i].'",';
+				$settingsNew .= '"'.xssClean($_POST['githubRemotePath'.$i],"html").'",';
 			}
 		}
 		// Rtrim off the last comma

Original file line number	Diff line number	Diff line change
`@@ -72,7 +72,7 @@`
`72`	`72`
`73`	`73`	`// Add the new one`
`74`	`74`	`if ($_POST['githubLocalPathNEW'] != "" && $_POST['githubRemotePathNEW'] != "") {`
`75`		`- $settingsNew .= '"'.$_POST['githubLocalPathNEW'].'",';`
	`75`	`+ $settingsNew .= '"'.xssClean($_POST['githubLocalPathNEW'],"html").'",';`
`76`	`76`	`}`
`77`	`77`
`78`	`78`	`// Then set all the old local paths`
`@@ -88,7 +88,7 @@`
`88`	`88`
`89`	`89`	`// Add the new one`
`90`	`90`	`if ($_POST['githubLocalPathNEW'] != "" && $_POST['githubRemotePathNEW'] != "") {`
`91`		`- $settingsNew .= '"'.$_POST['githubRemotePathNEW'].'",';`
	`91`	`+ $settingsNew .= '"'.xssClean($_POST['githubRemotePathNEW'],"html").'",';`
`92`	`92`	`}`
`93`	`93`
`94`	`94`	`// Then set all the old remote paths`
`@@ -113,7 +113,7 @@`
`113`	`113`	`// Redo the arrays using the form data`
`114`	`114`	`for ($i=0; $i<count($oldLocal); $i++) {`
`115`	`115`	`if ($_POST['githubLocalPath'.$i] != "") {`
`116`		`- $settingsNew .= '"'.$_POST['githubLocalPath'.$i].'",';`
	`116`	`+ $settingsNew .= '"'.xssClean($_POST['githubLocalPath'.$i],"html").'",';`
`117`	`117`	`}`
`118`	`118`	`}`
`119`	`119`	`// Rtrim off the last comma`
`@@ -126,7 +126,7 @@`
`126`	`126`	`// Redo the arrays using the form data`
`127`	`127`	`for ($i=0; $i<count($oldRemote); $i++) {`
`128`	`128`	`if ($_POST['githubRemotePath'.$i] != "") {`
`129`		`- $settingsNew .= '"'.$_POST['githubRemotePath'.$i].'",';`
	`129`	`+ $settingsNew .= '"'.xssClean($_POST['githubRemotePath'.$i],"html").'",';`
`130`	`130`	`}`
`131`	`131`	`}`
`132`	`132`	`// Rtrim off the last comma`