From 70d3e4b5e9dde9b7601ca08c9da1f3e1fb173570 Mon Sep 17 00:00:00 2001
From: ilotterytea
Date: Fri, 28 Mar 2025 13:44:30 +0500
Subject: fix: xss and regex vulnerability
---
 public/index.php | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)
(limited to 'public')
diff --git a/public/index.php b/public/index.php
index af30a76..315a79f 100644
--- a/public/index.php
+++ b/public/index.php
@@ -10,10 +10,13 @@ if (-12 <= $utc && $utc <= 12) {
     $utc = 0;
 }
-$month = $_GET["month"] ?? date("n", $time);
-$day = $_GET["day"] ?? date("d", $time);
+$month = intval($_GET["month"] ?? date("n", $time));
+$day = intval($_GET["day"] ?? date("d", $time));
+
 $search = $_GET["search"] ?? "";
-$search_regex = "/(?i)$search/";
+$search_regex = "/(?i)" . preg_quote($search, "/") . "/";
+
+$search = htmlspecialchars($search);
 $holidays = [];
-- cgit v1.2.3
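Review bot: `$search = htmlspecialchars($search);` relies on the default flags, which only escape single quotes from PHP 8.1 onward, so on an older runtime a value echoed inside a single-quoted attribute would still break out of it; pass the flags explicitly, `$search = htmlspecialchars($search, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');`. The `$search = $_GET["search"] ?? "";` line also accepts an array when the query key is sent in bracket form, which makes the new `preg_quote()` call throw a TypeError rather than build a pattern; guard it with `$search = is_string($_GET["search"] ?? null) ? $_GET["search"] : "";`. `intval()` on month and day stops string injection but does no range check, so whatever consumes them below the hunk (not visible here) still has to tolerate 0 or out-of-range values. Where `$search` is printed is outside the hunk, so the HTML escaping context is assumed rather than confirmed.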