fix:修复了xss漏洞

2022-10-12 14:05:56 +08:00 · 2022-10-12 14:05:56 +08:00 · 4bf8d8d970
parent 6e07ddc94c
commit 4bf8d8d970
2 changed files with 5 additions and 5 deletions
--- a/Reset_password.php
+++ b/Reset_password.php
@ -8,8 +8,8 @@
 include 'Header.php';
-$token=$_GET['token'];
+$token=htmlspecialchars($_GET['token']);
-$email=$_GET['email'];
+$email=htmlspecialchars($_GET['email']);
 ?>
 <div class="row">
--- a/recover_password.php
+++ b/recover_password.php
@ -27,9 +27,9 @@ include 'Header.php';
      <div class="panel-body">
        <form method="post" action="Script.php">
        <input type="hidden" name="frm_recover_password" value="true"/>
-        Student number  <input type="text" name="sno" placeholder="Enter your student number" class="form-control" required="required" value="<?php echo $_SESSION['student_number']; ?>">
+        Student number  <input type="text" name="sno" placeholder="Enter your student number" class="form-control" required="required" value="<?php echo htmlspecialchars($_SESSION['student_number']); ?>">
 	<br/>
-        Email  <input type="text" name="email" placeholder="Enter your email address" class="form-control" required="required" value="<?php echo $_SESSION['user_email']; ?>">
+        Email  <input type="text" name="email" placeholder="Enter your email address" class="form-control" required="required" value="<?php echo htmlspecialchars($_SESSION['user_email']); ?>">
 	<br/>
        <input type="submit" class="btn-primary" value="Recover">
@ -38,7 +38,7 @@ include 'Header.php';
 <?php
 if(isset($_SESSION['info_recover_password'])) {
-  echo  '<hr><div class="alert alert-danger" role="alert">'.$_SESSION['info_recover_password'].'</div>';
+  echo  '<hr><div class="alert alert-danger" role="alert">'.htmlspecialchars($_SESSION['info_recover_password']).'</div>';
  $_SESSION['info_recover_password']=null;
 }