fix:修复了xss漏洞
parent
6e07ddc94c
commit
4bf8d8d970
|
@ -8,8 +8,8 @@
|
|||
|
||||
|
||||
include 'Header.php';
|
||||
$token=$_GET['token'];
|
||||
$email=$_GET['email'];
|
||||
$token=htmlspecialchars($_GET['token']);
|
||||
$email=htmlspecialchars($_GET['email']);
|
||||
?>
|
||||
|
||||
<div class="row">
|
||||
|
|
|
@ -27,9 +27,9 @@ include 'Header.php';
|
|||
<div class="panel-body">
|
||||
<form method="post" action="Script.php">
|
||||
<input type="hidden" name="frm_recover_password" value="true"/>
|
||||
Student number <input type="text" name="sno" placeholder="Enter your student number" class="form-control" required="required" value="<?php echo $_SESSION['student_number']; ?>">
|
||||
Student number <input type="text" name="sno" placeholder="Enter your student number" class="form-control" required="required" value="<?php echo htmlspecialchars($_SESSION['student_number']); ?>">
|
||||
<br/>
|
||||
Email <input type="text" name="email" placeholder="Enter your email address" class="form-control" required="required" value="<?php echo $_SESSION['user_email']; ?>">
|
||||
Email <input type="text" name="email" placeholder="Enter your email address" class="form-control" required="required" value="<?php echo htmlspecialchars($_SESSION['user_email']); ?>">
|
||||
<br/>
|
||||
<input type="submit" class="btn-primary" value="Recover">
|
||||
|
||||
|
@ -38,7 +38,7 @@ include 'Header.php';
|
|||
<?php
|
||||
|
||||
if(isset($_SESSION['info_recover_password'])) {
|
||||
echo '<hr><div class="alert alert-danger" role="alert">'.$_SESSION['info_recover_password'].'</div>';
|
||||
echo '<hr><div class="alert alert-danger" role="alert">'.htmlspecialchars($_SESSION['info_recover_password']).'</div>';
|
||||
$_SESSION['info_recover_password']=null;
|
||||
}
|
||||
|
||||
|
|
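Review bot: In the first hunk, `$token` and `$email` are HTML-escaped when they are read from `$_GET` rather than where they are printed, so any later non-HTML use of them (a token comparison, a database lookup, a URL) would receive the encoded form. Where these variables are consumed is outside the visible hunks, so that needs checking against the rest of the file. The calls also rely on the default flags, which before PHP 8.1 leave single quotes unescaped, and a request without `token` or `email` passes null into `htmlspecialchars()`. I would keep the raw value with `$token = $_GET['token'] ?? '';` and escape at each point of output with `htmlspecialchars($token, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`. The same explicit flags would suit the three `$_SESSION` echoes in the later hunks.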