Created data filter to avoid XSS attack
@@ -7,6 +7,7 @@ use App\Models\Access;
use \Core\Token;
use \Core\Session;
use \Core\Redirect;
use \Core\XSS;
class Posts
{
@@ -81,11 +82,13 @@ class Posts
$url = 'Data/pengumuman.html';
$status = '';
$privilage = '';
if (Session::exists('userid')) {
$post = $this->model->showAll();
$privilage = Session::get('privilage');
$status = 'loggedin';
}
if ($post !== false) {
@@ -102,6 +105,7 @@ class Posts
}
View::render($url, [
'posts' => $posts,
'status' => $status,
'privilage' => $privilage
]);
}
@@ -159,7 +163,8 @@ class Posts
$creator = $post['creator'];
$editor = $post['editor'];
$post['content'] = htmlspecialchars_decode($post['content']);
// Decode XSS data
$post = XSS::decode($post);
$table = 'users';
@@ -241,11 +246,8 @@ class Posts
}
}
if (isset($args['content'])) {
$args['content'] = htmlspecialchars($args['content']);
} elseif (isset($args['category'])) {
$args['category'] = htmlspecialchars($args['category']);
}
// Avoid XSS attack
$args = XSS::avoid($args);
if (isset($table)) {
if ($this->model->entry($args, $table)) {
@@ -272,7 +274,9 @@ class Posts
Redirect::to('/posts/category');
die();
}
$args['content'] = htmlspecialchars($args['content']);
// Avoid XSS attack
$args = XSS::avoid($args);
$id = $args['id'];
unset($args['id']);
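Review bot: In the `@@ -159,7 +163,8 @@` hunk the post content is now decoded twice before it reaches the view: the old `$post['content'] = htmlspecialchars_decode($post['content']);` is kept and the new `$post = XSS::decode($post);` follows it, so if `XSS::decode` also expands HTML entities (it is not visible here, but it is presumably the inverse of the `XSS::avoid` applied on write in the last two hunks), stored text such as `&amp;lt;` ends up as a literal `<` in the value handed to the template, undoing the filter the commit adds. Unless `XSS::avoid` is not entity-based, drop the `htmlspecialchars_decode` line so `XSS::decode` is the single inverse, and confirm the template escapes `content` at output instead of relying on a pre-decoded value being safe. Separately, in the `@@ -81,11 +82,13 @@` hunk `$post` is assigned only inside the `Session::exists('userid')` branch while `if ($post !== false)` reads it unconditionally, so an anonymous request reaches that check with an undefined variable; initialise it with the other defaults, `$post = false;`. The enclosing methods of all these hunks start and end outside the hunks.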