From 3985f082a08cbfa917f9f6376d04d1910100fb90 Mon Sep 17 00:00:00 2001
From: ilotterytea
Date: Sun, 8 Jun 2025 02:40:44 +0400
Subject: upd: serialize user input in report.php

---
 public/report.php | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/public/report.php b/public/report.php
index ca4f882..72f49a3 100644
--- a/public/report.php
+++ b/public/report.php
@@ -27,6 +27,15 @@ if ($_SERVER['REQUEST_METHOD'] == 'POST') {
     $file_id = $_POST['id'];
     $file_id = explode('.', $file_id);
 
+    if (count($file_id) != 2) {
+        generate_alert(
+            '/report.php',
+            'Not enough data.',
+            400,
+            null
+        );
+        exit();
+    }
     $file_ext = $file_id[1];
     $file_id = $file_id[0];
 
@@ -40,7 +49,7 @@ if ($_SERVER['REQUEST_METHOD'] == 'POST') {
         exit();
     }
 
-    $reason = trim($_POST['reason'] ?? '');
+    $reason = str_safe($_POST['reason'] ?? '', null);
 
     if (empty($reason)) {
         generate_alert(
@@ -52,7 +61,7 @@ if ($_SERVER['REQUEST_METHOD'] == 'POST') {
         exit();
     }
 
-    $email = $_POST['email'] ?? '(Anonymous)';
+    $email = str_safe($_POST['email'] ?? '(Anonymous)', null);
     if (empty($email)) {
         $email = '(Anonymous)';
     }
-- 
cgit v1.2.3
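Review bot: The new `count($file_id) != 2` guard only checks the shape of `id`, not its contents: `$file_id[0]` and `$file_id[1]` still carry whatever the client sent, including `/`, `..` and NUL bytes, so if they are later used to build a filesystem path or a query the check adds little (that use is outside the hunk, so this is inferred). Validate both parts against an allowlist at the same point, e.g. `if (count($file_id) !== 2 || !preg_match('/^[A-Za-z0-9_-]+$/', $file_id[0]) || !preg_match('/^[A-Za-z0-9]{1,10}$/', $file_id[1])) {`. Separately, `$_POST['id']` is read without `??` and an array value makes `explode()` throw a TypeError before this guard runs; `$file_id = is_string($_POST['id'] ?? null) ? $_POST['id'] : '';` on the first line keeps the request inside the intended error path. The enclosing `if` block continues outside the hunk.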
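Review bot: Replacing `trim()` with `str_safe()` drops the whitespace trimming unless `str_safe` trims internally, which is not visible here, so a reason made only of spaces would now pass the `empty($reason)` check below. Keep the trim explicit, `$reason = str_safe(trim($_POST['reason'] ?? ''), null);`, or state in `str_safe`'s docblock that it normalises whitespace. More generally, if `str_safe` HTML-escapes (the subject line's "serialize user input" suggests encoding at intake) then the stored text is already encoded and will be double-encoded when rendered with `htmlspecialchars`, and wrong in non-HTML contexts such as e-mail or logs; escaping belongs at the output point, per context. The bare `null` second argument says nothing about what it selects; a named argument would make the call self-describing. The enclosing block continues outside the hunk.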
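Review bot: `$email` is still accepted without any format check, so a value containing CR/LF or arbitrary text reaches whatever consumes the report; if that is an e-mail header or a notification template, it is a header-injection path (the consumer is outside the hunk, so this is inferred). Validate before falling back, `$email = str_safe(filter_var(trim($_POST['email'] ?? ''), FILTER_VALIDATE_EMAIL) ?: '(Anonymous)', null);`, which also makes the `if (empty($email))` fallback that follows redundant. `filter_var` returns `false` for an invalid address, so the `?:` substitutes the placeholder in exactly the cases the current code lets through.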