Fix XSS in forum new_post

slawkens · Jan 8, 2025 · c2b7286 · c2b7286
1 parent d6c40c8
commit c2b7286
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 2 deletions.
diff --git a/system/pages/forum/new_post.php b/system/pages/forum/new_post.php
@@ -40,7 +40,7 @@
 	$thread = $db->query("SELECT `" . FORUM_TABLE_PREFIX . "forum`.`post_topic`, `" . FORUM_TABLE_PREFIX . "forum`.`id`, `" . FORUM_TABLE_PREFIX . "forum`.`section` FROM `" . FORUM_TABLE_PREFIX . "forum` WHERE `" . FORUM_TABLE_PREFIX . "forum`.`id` = ".(int) $thread_id." AND `" . FORUM_TABLE_PREFIX . "forum`.`first_post` = ".$thread_id." LIMIT 1")->fetch();
 
 	if(isset($thread['id']) && Forum::hasAccess($thread['section'])) {
-		echo '<a href="' . getLink('forum') . '">Boards</a> >> <a href="' . getForumBoardLink($thread['section']) . '">'.$sections[$thread['section']]['name'].'</a> >> <a href="' . getForumThreadLink($thread_id) . '">'.$thread['post_topic'].'</a> >> <b>Post new reply</b><br /><h3>'.$thread['post_topic'].'</h3>';
+		echo '<a href="' . getLink('forum') . '">Boards</a> >> <a href="' . getForumBoardLink($thread['section']) . '">'.$sections[$thread['section']]['name'].'</a> >> <a href="' . getForumThreadLink($thread_id) . '">'.htmlspecialchars($thread['post_topic']).'</a> >> <b>Post new reply</b><br /><h3>'.htmlspecialchars($thread['post_topic']).'</h3>';
 
 		$quote = isset($_REQUEST['quote']) ? (int) $_REQUEST['quote'] : NULL;
 		$text = isset($_REQUEST['text']) ? stripslashes(trim($_REQUEST['text'])) : NULL;

diff --git a/system/templates/forum.new_post.html.twig b/system/templates/forum.new_post.html.twig
@@ -50,7 +50,7 @@
 <table width="100%">
 	<tr bgcolor="{{ config.vdarkborder }}">
 		<td colspan="2">
-			<span style="color: white"><b>Last 5 posts from thread: {{ topic|raw }}</b></span>
+			<span style="color: white"><b>Last 5 posts from thread: {{ topic }}</b></span>
 		</td>
 	</tr>
 	{% set i = 0 %}