Made it less.. vulnerable...

KasperRT
2014-10-10 23:05:52 +02:00
parent bf75099a00
commit efc57512ac


@@ -1,7 +1,8 @@
<?php
if(isset($_GET['chan'])){
header('Location: '.$_GET['chan']);
$chan = htmlspecialchars($_GET['chan']);
header('Location: '.$chan);
}
$dir = scandir('./lists');
@@ -21,18 +22,18 @@ foreach($dir as $files){
<form name="ufo" action="" class="daform nomargin" id="base" method="get" onsubmit="null;" >
<input list="searches" id="search" name="chan" type="text" class="search_input innbox" spellcheck="false" maxlength="15" placeholder="Type Channel Name" autofocus/>
<datalist id="searches">
<?php foreach($channels as $channel){echo "<option value='".urldecode($channel)."'> ";} ?>
<?php foreach($channels as $channel){echo "<option value='".htmlspecialchars(urldecode($channel))."'> ";} ?>
</datalist>
</form>
</div>
<center>
<div class="channels" id="channels">Active Channels<br>
<?php foreach($channels as $channel){echo "<a class='channel' href='/".$channel."'>".urldecode($channel)."</a>";} ?>
<?php foreach($channels as $channel){echo "<a class='channel' href='/".$channel."'>".htmlspecialchars(urldecode($channel))."</a>";} ?>
</div>
</center>
</div>
<div class="footer small centered top anim bottom">&copy; 2014 <a class="anim" href="//nixo.no">Nixo</a> &amp; <a class="anim" href="//kasperrt.no">KasperRT</a> </div>
</body>
</html>
</html>
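Review bot: `htmlspecialchars()` is the wrong control for the `Location` header in the first hunk, because the whole redirect target still comes from `$_GET['chan']`, so an absolute or protocol-relative URL still sends the visitor off-site. The links further down use `href='/".$channel."'`, so the redirect presumably only needs a local channel path: `header('Location: /'.rawurlencode($_GET['chan'])); exit;`, ideally after checking the name against the known channel list (where that list is built is not visible here). In the second hunk the `<option value='…'>` attribute is single-quoted, and `htmlspecialchars()` called without `ENT_QUOTES` leaves `'` unescaped on PHP versions before 8.1, so the new call should be `htmlspecialchars(urldecode($channel), ENT_QUOTES, 'UTF-8')`. The `href='/".$channel."'` value on the link line is still written out unescaped and needs the same treatment.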