From 308df1617c58dff6902f7f340c47280973e61392 Mon Sep 17 00:00:00 2001
From: Xuxfff <1683793776@qq.com>
Date: Thu, 13 Oct 2022 19:53:39 +0800
Subject: [PATCH] fix:fix the Stored XSS

---
 Script.php | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/Script.php b/Script.php
index b089078..7191f4d 100644
--- a/Script.php
+++ b/Script.php
@@ -681,11 +681,11 @@ if (!empty($_GET["updatevisibility"])) {
 
 
 if (!empty($_GET["remarking"])) {
- $id = mysqli_real_escape_string($con, $_GET["id"]);
- $url = mysqli_real_escape_string($con, $_GET["url"]);
+ $id = htmlspecialchars(mysqli_real_escape_string($con, $_GET["id"]));
+ $url = htmlspecialchars(mysqli_real_escape_string($con, $_GET["url"]));
 
- $status = mysqli_real_escape_string($con, $_GET["status"]);
- $details = mysqli_real_escape_string($con, $_GET["details"]);
+ $status = htmlspecialchars(mysqli_real_escape_string($con, $_GET["status"]));
+ $details = htmlspecialchars(mysqli_real_escape_string($con, $_GET["details"]));
 
 $sql = "UPDATE `lab_report_submissions` SET `Status`='Remarking',Remarking_Reason='$details' WHERE Submission_ID='$id' ";