Commit f81dcedd authored by redacted

fixed xss

parent 5fc5953c
Showing with 4 additions and 2 deletions
...@@ -58,6 +58,8 @@ if (isset($_GET['validate'])) { ...@@ -58,6 +58,8 @@ if (isset($_GET['validate'])) {
// generate a new captcha ID and challenge // generate a new captcha ID and challenge
$captchaId = Securimage::getCaptchaId(); $captchaId = Securimage::getCaptchaId();
$currentScript = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES);
// output the captcha ID, and a form to validate it // output the captcha ID, and a form to validate it
// the form submits to itself and is validated above // the form submits to itself and is validated above
echo <<<EOD echo <<<EOD
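Review bot: the new `$currentScript` line is the only uncommented statement in a block where every other step carries a comment; add one stating why it exists, namely that `$_SERVER['PHP_SELF']` can carry attacker-supplied PATH_INFO and must be escaped before it is interpolated into the heredoc below. Also consider passing the output charset as the third argument (`htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8')`) so the escaping matches the page encoding regardless of the PHP version's default.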
...@@ -82,9 +84,9 @@ echo <<<EOD ...@@ -82,9 +84,9 @@ echo <<<EOD
<p>&nbsp;</p> <p>&nbsp;</p>
<div> <div>
Captcha ID: $captchaId<br /><br /> Captcha ID: $captchaId<br /><br />
<img src="{$_SERVER['PHP_SELF']}?display&amp;id=$captchaId" alt="Captcha Image" /><br /> <img src="$currentScript?display&amp;id=$captchaId" alt="Captcha Image" /><br />
<form method="get" action="{$_SERVER['PHP_SELF']}"> <form method="get" action="$currentScript">
<input type="hidden" name="validate" value="1" /> <input type="hidden" name="validate" value="1" />
<input type="hidden" name="id" value="$captchaId" /> <input type="hidden" name="id" value="$captchaId" />
Enter Code: Enter Code:
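Review bot: both replaced sinks (`<img src="$currentScript?...">` and `<form ... action="$currentScript">`) are double-quoted attribute values, so the ENT_QUOTES escaping on `$currentScript` covers them; confirm that no other interpolation of `$_SERVER['PHP_SELF']` remains in the heredoc outside these nine context lines, since the heredoc starting at line 84 is longer than what this hunk shows.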