mrlan
/
LRR
4
0
Fork 2
Code Issues Pull Requests 7 Projects Releases Wiki Activity

fix:fix the Stored XSS

Xuxuan
徐宣 2022-10-13 19:53:39 +08:00
parent e8a181d795
commit 308df1617c
1 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
Script.php
View File

@ -681,11 +681,11 @@ if (!empty($_GET["updatevisibility"])) {
if (!empty($_GET["remarking"])) { if (!empty($_GET["remarking"])) {
$id = mysqli_real_escape_string($con, $_GET["id"]); $id = htmlspecialchars(mysqli_real_escape_string($con, $_GET["id"]));
$url = mysqli_real_escape_string($con, $_GET["url"]); $url = htmlspecialchars(mysqli_real_escape_string($con, $_GET["url"]));
$status = mysqli_real_escape_string($con, $_GET["status"]); $status = htmlspecialchars(mysqli_real_escape_string($con, $_GET["status"]));
$details = mysqli_real_escape_string($con, $_GET["details"]); $details = htmlspecialchars(mysqli_real_escape_string($con, $_GET["details"]));
$sql = "UPDATE `lab_report_submissions` SET `Status`='Remarking',Remarking_Reason='$details' WHERE Submission_ID='$id' $sql = "UPDATE `lab_report_submissions` SET `Status`='Remarking',Remarking_Reason='$details' WHERE Submission_ID='$id'
"; ";