From 3f71f5a0d7af43d81e8ba5f922a36c1c852001b3 Mon Sep 17 00:00:00 2001
From: David Neustadt
Date: Sun, 9 May 2021 19:13:21 +0200
Subject: [PATCH 1/3] convert special chars to avoid xss
---
 index.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/index.php b/index.php
index c5aa35e..8686112 100644
--- a/index.php
+++ b/index.php
@@ -67,12 +67,12 @@ function clean_str($str) {
- FrogFind! Leap again:
+ FrogFind! Leap again:


-
Search Results for
+
Search Results for
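Review bot: The escaping expression that follows `FrogFind! Leap again:` and `Search Results for` did not survive this rendering, so the call and its flags cannot be checked here; if it is `htmlspecialchars()`, it should be `htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`, because on PHP before 8.1 the default flags leave `'` unescaped (unsafe inside single-quoted attributes) and without `ENT_SUBSTITUTE` a malformed UTF-8 byte in the query makes the whole string come back empty. A one-line helper keeps every output site on the same flags: `function h($s) { return htmlspecialchars((string)$s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); }`. The hunk header names `function clean_str($str)` as the enclosing context; if that function is meant to sanitise input, escaping still has to happen at each output site, per context, rather than once on the way in. Other places in index.php that echo the query (a `<title>` or a form `value=""`, if present) are outside this hunk and need the same treatment.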

@@ -94,4 +94,4 @@ function clean_str($str) {
-
\ No newline at end of file
+
From ad4bf72b673b9456656fca85493e31a9c293ff91 Mon Sep 17 00:00:00 2001
From: David Neustadt
Date: Sun, 9 May 2021 22:10:31 +0200
Subject: [PATCH 2/3] more xss fixes
---
 read.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/read.php b/read.php
index 922177c..91b3fad 100644
--- a/read.php
+++ b/read.php
@@ -7,7 +7,7 @@ $loc = "US";
 if( isset( $_GET['loc'] ) ) {
- $loc = strtoupper($_GET["loc"]);
+ $loc = urlencode(strtoupper($_GET["loc"]));
 }
 if( isset( $_GET['a'] ) ) {
@@ -74,7 +74,7 @@ function clean_str($str) {
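Review bot: The new `urlencode(strtoupper($_GET["loc"]))` encodes `$loc` at input time instead of validating it, so every later consumer of `$loc` (outside this hunk) receives a percent-encoded value, and a value that should have been rejected is silently carried through in encoded form rather than replaced by the `"US"` default. The encoded output contains no HTML metacharacters, so it does stop injection as a stopgap, but the default `"US"` and the `strtoupper()` suggest a two-letter country code and that is what should be enforced: `if( isset( $_GET['loc'] ) && is_string( $_GET['loc'] ) && preg_match( '/^[A-Z]{2}$/', strtoupper( $_GET['loc'] ) ) ) {` followed by `$loc = strtoupper( $_GET['loc'] );`, keeping the default otherwise. The `is_string()` guard matters because `?loc[]=x` turns `$_GET['loc']` into an array, and `strtoupper()` on an array throws a `TypeError` on PHP 8 (a warning and `null` on PHP 7). Escaping then belongs at each output site, chosen for that site's context.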

- Back to FrogFind! | Browsing URL:
+ Back to FrogFind! | Browsing URL:
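Review bot: The value printed after `Browsing URL:` is not preserved in this rendering, so only the text-node escaping can be inferred; `$_GET['a']` is read in the earlier hunk of this file, and if that same URL is also placed in an `href` (the `< Back to article` link in image.php later in this series suggests URLs are passed between pages), HTML escaping alone does not stop a `javascript:` or `data:` URL from being emitted as a clickable link. Before echoing a user-supplied URL into `href`, check its scheme, e.g. `if( !in_array( parse_url( $url, PHP_URL_SCHEME ), ['http', 'https'], true ) ) { $url = ''; }`, and keep `htmlspecialchars(..., ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` for the attribute itself. Where `$_GET['a']` is consumed is outside this hunk, so this is a point to confirm rather than a defect seen on these lines.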

@@ -97,4 +97,4 @@ function clean_str($str) {
 " . $error_text . "

"; } ?>

-
\ No newline at end of file
+
From cdf6714246c00ca7880b9d6eff779b9f3077142f Mon Sep 17 00:00:00 2001
From: David Neustadt
Date: Sun, 9 May 2021 22:19:10 +0200
Subject: [PATCH 3/3] xss vulnerability fixes
---
 image.php | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/image.php b/image.php
index c033ea8..331ef76 100644
--- a/image.php
+++ b/image.php
@@ -4,7 +4,7 @@ $loc = "US";
 if( isset( $_GET['loc'] ) ) {
- $loc = strtoupper($_GET["loc"]);
+ $loc = urlencode(strtoupper($_GET["loc"]));
 }
 //get the image url
@@ -38,9 +38,9 @@
 < Back to article
-
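Review bot: The `$loc` handling patched here is now byte-for-byte the same as the block patched in read.php earlier in this series, and both apply `urlencode()` to a value whose default `"US"` looks like a two-letter country code; duplicating the check means the two copies will drift the next time one of them is corrected. Prefer a single shared include that validates instead of encodes, for example `function resolve_loc( array $get ): string { return isset( $get['loc'] ) && is_string( $get['loc'] ) && preg_match( '/^[A-Z]{2}$/', strtoupper( $get['loc'] ) ) ? strtoupper( $get['loc'] ) : 'US'; }`, called from both files, so validation lives in one place and escaping is left to each output site. Whether the project already has a common include is not visible here. The `//get the image url` comment right after the block marks where the request's image URL is read; that code is outside the hunk.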

Viewing image:

-
+

Viewing image:

+

 < Back to article
-
\ No newline at end of file
+
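Review bot: The expression after `Viewing image:` did not survive this rendering, so the escaping applied to the image URL can only be inferred; that URL is presumably also emitted as an `<img src="…">`, and the `< Back to article` link target presumably comes from the request too, and both are attribute contexts where `htmlspecialchars()` needs `ENT_QUOTES` and a user-supplied URL additionally needs a scheme check, e.g. `if( !in_array( parse_url( $img, PHP_URL_SCHEME ), ['http', 'https'], true ) ) { $img = ''; }`. If image.php also fetches that URL server-side on behalf of the client (the `//get the image url` comment in the previous hunk says it is taken from the request, but the fetch itself is not visible here), the same check should run before the fetch so the server cannot be pointed at internal hosts. The final `-`/`+` pair in this hunk only restores the missing trailing newline.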