Revision 656
Added by thorn almost 17 years ago
edit_css.php | ||
---|---|---|
93 | 93 |
} |
94 | 94 |
|
95 | 95 |
?> |
96 |
<form name="edit_module_file" action="<?php echo $_SERVER['PHP_SELF'] .'?action=save';?>" method="post" style="margin: 0;">
|
|
96 |
<form name="edit_module_file" action="<?php echo htmlspecialchars(strip_tags($_SERVER['PHP_SELF'])) .'?action=save';?>" method="post" style="margin: 0;">
|
|
97 | 97 |
<input type="hidden" name="section_id" value="<?php echo $section_id; ?>"> |
98 | 98 |
<input type="hidden" name="page_id" value="<?php echo $page_id; ?>"> |
99 | 99 |
<input type="hidden" name="css_codepress" value="" /> |
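Review bot: On the new line 96 the form action is still built from $_SERVER['PHP_SELF'], which carries any client-supplied path info that follows the script name. htmlspecialchars() is what makes the echo safe inside the double-quoted attribute; strip_tags() in front of it adds no protection beyond that escaping and can alter a legitimate path. Consider $_SERVER['SCRIPT_NAME'] or a fixed relative action so the request path never reaches the markup. The unchanged context lines 97 and 98 echo $section_id and $page_id into value attributes without escaping. Whether they are cast to integers earlier in the file is not visible in this hunk, so either confirm that or wrap them in htmlspecialchars() as well.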
Added some missing add_slashes(), get_post_escaped(), and strip_tags() for $_POST, $_GET and $_REQUEST-data. Also for $_SERVER['PHP_SELF'].