Fix several XSS vulnerabilities

In both the client and staff interfaces, where the URL and request parameters were echo'd back without any escaping

Fix several XSS vulnerabilities
e579d478 · Jared Hancock · bb62d566 · e579d478 · e579d478 · e579d478
Commit e579d478 authored 10 years ago by Jared Hancock
--- a/include/client/pwreset.login.php
+++ b/include/client/pwreset.login.php
@@ -12,7 +12,7 @@ Enter your username or email address again in the form below and press the
    <div style="width:50%;display:inline-block">
    <?php csrf_token(); ?>
    <input type="hidden" name="do" value="reset"/>
-    <input type="hidden" name="token" value="<?php echo $_REQUEST['token']; ?>"/>
+    <input type="hidden" name="token" value="<?php echo Format::htmlchars($_REQUEST['token']); ?>"/>
    <strong><?php echo Format::htmlchars($banner); ?></strong>
    <br>
    <div>

--- a/include/client/register.inc.php
+++ b/include/client/register.inc.php
@@ -22,8 +22,8 @@ your account
 </p>
 <form action="account.php" method="post">
  <?php csrf_token(); ?>
-  <input type="hidden" name="do" value="<?php echo $_REQUEST['do']
-    ?: ($info['backend'] ? 'import' :'create'); ?>" />
+  <input type="hidden" name="do" value="<?php echo Format::htmlchars($_REQUEST['do']
+    ?: ($info['backend'] ? 'import' :'create')); ?>" />
 <table width="800" class="padded">
 <tbody>
 <?php

--- a/include/staff/dynamic-list.inc.php
+++ b/include/staff/dynamic-list.inc.php
@@ -19,7 +19,7 @@ $info=Format::htmlchars(($errors && $_POST)?$_POST:$info);
 <form action="?" method="post" id="save">
    <?php csrf_token(); ?>
    <input type="hidden" name="do" value="<?php echo $action; ?>">
-    <input type="hidden" name="a" value="<?php echo $_REQUEST['a']; ?>">
+    <input type="hidden" name="a" value="<?php echo Format::htmlchars($_REQUEST['a']); ?>">
    <input type="hidden" name="id" value="<?php echo $info['id']; ?>">
    <h2>Custom List</h2>