authorilotterytea <iltsu@alright.party>2025-06-08 02:40:44 +0400
committerilotterytea <iltsu@alright.party>2025-06-08 02:40:44 +0400
commit3985f082a08cbfa917f9f6376d04d1910100fb90 (patch)
tree0e7cdf13e0f39da83cf9f7d3829e4d84cf1c3eae
parent84ad6e3c5b2f74b82d17b289db62cdf88f18a95b (diff)
upd: serialize user input in report.php
-rw-r--r--public/report.php13
1 files changed, 11 insertions, 2 deletions
diff --git a/public/report.php b/public/report.php
index ca4f882..72f49a3 100644
--- a/public/report.php
+++ b/public/report.php
@@ -27,6 +27,15 @@ if ($_SERVER['REQUEST_METHOD'] == 'POST') {
$file_id = $_POST['id'];
$file_id = explode('.', $file_id);
+ if (count($file_id) != 2) {
+ generate_alert(
+ '/report.php',
+ 'Not enough data.',
+ 400,
+ null
+ );
+ exit();
+ }
$file_ext = $file_id[1];
$file_id = $file_id[0];
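Review bot: The new count check still lets an empty id or an empty extension through, because `'.png'` and `'abc.'` both explode into exactly two parts, and it only runs after `$_POST['id']` has been read and passed to explode() unguarded — a missing key emits a warning and an array value (`id[]=x`) makes explode() throw a TypeError on PHP 8 before the check is reached. Tightening the condition to `if (count($file_id) !== 2 || $file_id[0] === '' || $file_id[1] === '') {` closes the first gap, and reading the value as `$file_id = is_string($_POST['id'] ?? null) ? $_POST['id'] : '';` before the explode() closes the second; `!==` also avoids the loose comparison. The enclosing `if ($_SERVER['REQUEST_METHOD'] == 'POST')` block begins and ends outside this hunk.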
@@ -40,7 +49,7 @@ if ($_SERVER['REQUEST_METHOD'] == 'POST') {
exit();
}
- $reason = trim($_POST['reason'] ?? '');
+ $reason = str_safe($_POST['reason'] ?? '', null);
if (empty($reason)) {
generate_alert(
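Review bot: The `$_POST['reason']` value is handed to `str_safe()` without first confirming it is a string, so a request sending `reason[]=x` passes an array into the helper; what `str_safe()` does with non-string input and what its second argument `null` selects is not visible in this commit, so a guard such as `$reason = str_safe(is_string($_POST['reason'] ?? null) ? $_POST['reason'] : '', null);` keeps the helper's input shape predictable. The same applies to the `$email` line in the next hunk. A short comment on the call site naming what the `null` argument means (e.g. `// null: no length limit — confirm against str_safe()`) would help readers, since the helper is defined elsewhere.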
@@ -52,7 +61,7 @@ if ($_SERVER['REQUEST_METHOD'] == 'POST') {
exit();
}
- $email = $_POST['email'] ?? '(Anonymous)';
+ $email = str_safe($_POST['email'] ?? '(Anonymous)', null);
if (empty($email)) {
$email = '(Anonymous)';
}