forked from Mirrors/keyoxide-web
Escape inputs
This commit is contained in:
parent
34cb9a073c
commit
83045e10d5
1 changed files with 11 additions and 11 deletions
22
index.php
22
index.php
|
@ -43,7 +43,7 @@ if(is_array($match) && is_callable($match['target'])) {
|
||||||
case 'verifyUid':
|
case 'verifyUid':
|
||||||
case 'verifyHKP':
|
case 'verifyHKP':
|
||||||
$content = file_get_contents('pages/verify.html');
|
$content = file_get_contents('pages/verify.html');
|
||||||
$content = str_replace('%HKP_UID%', (array_key_exists('uid', $match['params']) ? $match['params']['uid'] : ''), $content);
|
$content = str_replace('%HKP_UID%', (array_key_exists('uid', $match['params']) ? htmlspecialchars($match['params']['uid']) : ''), $content);
|
||||||
$content = str_replace('%WKD_UID%', '', $content);
|
$content = str_replace('%WKD_UID%', '', $content);
|
||||||
header('Content-Type: text/html; charset=utf-8');
|
header('Content-Type: text/html; charset=utf-8');
|
||||||
echo($content);
|
echo($content);
|
||||||
|
@ -52,7 +52,7 @@ if(is_array($match) && is_callable($match['target'])) {
|
||||||
case 'verifyWKD':
|
case 'verifyWKD':
|
||||||
$content = file_get_contents('pages/verify.html');
|
$content = file_get_contents('pages/verify.html');
|
||||||
$content = str_replace('%HKP_UID%', '', $content);
|
$content = str_replace('%HKP_UID%', '', $content);
|
||||||
$content = str_replace('%WKD_UID%', (array_key_exists('uid', $match['params']) ? $match['params']['uid'] : ''), $content);
|
$content = str_replace('%WKD_UID%', (array_key_exists('uid', $match['params']) ? htmlspecialchars($match['params']['uid']) : ''), $content);
|
||||||
header('Content-Type: text/html; charset=utf-8');
|
header('Content-Type: text/html; charset=utf-8');
|
||||||
echo($content);
|
echo($content);
|
||||||
break;
|
break;
|
||||||
|
@ -61,7 +61,7 @@ if(is_array($match) && is_callable($match['target'])) {
|
||||||
case 'encryptUid':
|
case 'encryptUid':
|
||||||
case 'encryptHKP':
|
case 'encryptHKP':
|
||||||
$content = file_get_contents('pages/encrypt.html');
|
$content = file_get_contents('pages/encrypt.html');
|
||||||
$content = str_replace('%HKP_UID%', (array_key_exists('uid', $match['params']) ? $match['params']['uid'] : ''), $content);
|
$content = str_replace('%HKP_UID%', (array_key_exists('uid', $match['params']) ? htmlspecialchars($match['params']['uid']) : ''), $content);
|
||||||
$content = str_replace('%WKD_UID%', '', $content);
|
$content = str_replace('%WKD_UID%', '', $content);
|
||||||
header('Content-Type: text/html; charset=utf-8');
|
header('Content-Type: text/html; charset=utf-8');
|
||||||
echo($content);
|
echo($content);
|
||||||
|
@ -70,7 +70,7 @@ if(is_array($match) && is_callable($match['target'])) {
|
||||||
case 'encryptWKD':
|
case 'encryptWKD':
|
||||||
$content = file_get_contents('pages/encrypt.html');
|
$content = file_get_contents('pages/encrypt.html');
|
||||||
$content = str_replace('%HKP_UID%', '', $content);
|
$content = str_replace('%HKP_UID%', '', $content);
|
||||||
$content = str_replace('%WKD_UID%', (array_key_exists('uid', $match['params']) ? $match['params']['uid'] : ''), $content);
|
$content = str_replace('%WKD_UID%', (array_key_exists('uid', $match['params']) ? htmlspecialchars($match['params']['uid']) : ''), $content);
|
||||||
header('Content-Type: text/html; charset=utf-8');
|
header('Content-Type: text/html; charset=utf-8');
|
||||||
echo($content);
|
echo($content);
|
||||||
break;
|
break;
|
||||||
|
@ -79,7 +79,7 @@ if(is_array($match) && is_callable($match['target'])) {
|
||||||
case 'proofsUid':
|
case 'proofsUid':
|
||||||
case 'proofsHKP':
|
case 'proofsHKP':
|
||||||
$content = file_get_contents('pages/proofs.html');
|
$content = file_get_contents('pages/proofs.html');
|
||||||
$content = str_replace('%HKP_UID%', (array_key_exists('uid', $match['params']) ? $match['params']['uid'] : ''), $content);
|
$content = str_replace('%HKP_UID%', (array_key_exists('uid', $match['params']) ? htmlspecialchars($match['params']['uid']) : ''), $content);
|
||||||
$content = str_replace('%WKD_UID%', '', $content);
|
$content = str_replace('%WKD_UID%', '', $content);
|
||||||
header('Content-Type: text/html; charset=utf-8');
|
header('Content-Type: text/html; charset=utf-8');
|
||||||
echo($content);
|
echo($content);
|
||||||
|
@ -88,14 +88,14 @@ if(is_array($match) && is_callable($match['target'])) {
|
||||||
case 'proofsWKD':
|
case 'proofsWKD':
|
||||||
$content = file_get_contents('pages/proofs.html');
|
$content = file_get_contents('pages/proofs.html');
|
||||||
$content = str_replace('%HKP_UID%', '', $content);
|
$content = str_replace('%HKP_UID%', '', $content);
|
||||||
$content = str_replace('%WKD_UID%', (array_key_exists('uid', $match['params']) ? $match['params']['uid'] : ''), $content);
|
$content = str_replace('%WKD_UID%', (array_key_exists('uid', $match['params']) ? htmlspecialchars($match['params']['uid']) : ''), $content);
|
||||||
header('Content-Type: text/html; charset=utf-8');
|
header('Content-Type: text/html; charset=utf-8');
|
||||||
echo($content);
|
echo($content);
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case 'profile':
|
case 'profile':
|
||||||
$content = file_get_contents('pages/profile.html');
|
$content = file_get_contents('pages/profile.html');
|
||||||
$content = str_replace('%UID%', $match['params']['uid'], $content);
|
$content = str_replace('%UID%', htmlspecialchars($match['params']['uid']), $content);
|
||||||
$content = str_replace('%MODE%', "auto", $content);
|
$content = str_replace('%MODE%', "auto", $content);
|
||||||
header('Content-Type: text/html; charset=utf-8');
|
header('Content-Type: text/html; charset=utf-8');
|
||||||
echo($content);
|
echo($content);
|
||||||
|
@ -103,7 +103,7 @@ if(is_array($match) && is_callable($match['target'])) {
|
||||||
|
|
||||||
case 'profileHKP':
|
case 'profileHKP':
|
||||||
$content = file_get_contents('pages/profile.html');
|
$content = file_get_contents('pages/profile.html');
|
||||||
$content = str_replace('%UID%', $match['params']['uid'], $content);
|
$content = str_replace('%UID%', htmlspecialchars($match['params']['uid']), $content);
|
||||||
$content = str_replace('%MODE%', "hkp", $content);
|
$content = str_replace('%MODE%', "hkp", $content);
|
||||||
header('Content-Type: text/html; charset=utf-8');
|
header('Content-Type: text/html; charset=utf-8');
|
||||||
echo($content);
|
echo($content);
|
||||||
|
@ -111,7 +111,7 @@ if(is_array($match) && is_callable($match['target'])) {
|
||||||
|
|
||||||
case 'profileWKD':
|
case 'profileWKD':
|
||||||
$content = file_get_contents('pages/profile.html');
|
$content = file_get_contents('pages/profile.html');
|
||||||
$content = str_replace('%UID%', $match['params']['uid'], $content);
|
$content = str_replace('%UID%', htmlspecialchars($match['params']['uid']), $content);
|
||||||
$content = str_replace('%MODE%', "wkd", $content);
|
$content = str_replace('%MODE%', "wkd", $content);
|
||||||
header('Content-Type: text/html; charset=utf-8');
|
header('Content-Type: text/html; charset=utf-8');
|
||||||
echo($content);
|
echo($content);
|
||||||
|
@ -122,7 +122,7 @@ if(is_array($match) && is_callable($match['target'])) {
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case 'guideId':
|
case 'guideId':
|
||||||
$id = $match['params']['id'];
|
$id = htmlspecialchars($match['params']['id']);
|
||||||
$content = file_get_contents("pages/template.html");
|
$content = file_get_contents("pages/template.html");
|
||||||
$guideTitle = file_get_contents("pages/guides/$id.title.html");
|
$guideTitle = file_get_contents("pages/guides/$id.title.html");
|
||||||
$guideContent = file_get_contents("pages/guides/$id.content.html");
|
$guideContent = file_get_contents("pages/guides/$id.content.html");
|
||||||
|
@ -134,7 +134,7 @@ if(is_array($match) && is_callable($match['target'])) {
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case 'util':
|
case 'util':
|
||||||
$id = $match['params']['id'];
|
$id = htmlspecialchars($match['params']['id']);
|
||||||
readfile("pages/util/$id.html");
|
readfile("pages/util/$id.html");
|
||||||
break;
|
break;
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue