fix XSS in forms

biglyderv 2024-12-07 07:12:42 -05:00
parent d6a6ce1ffc
commit 914350f69b


@ -2,24 +2,24 @@
function form($title, $form_message, $inputs, $action = '') { ?>
<form class='form' enctype="multipart/form-data" method="POST" action="<?php echo $action ?>">
<h1 class="form-heading">
<?php echo $title ?>
<?php echo htmlspecialchars($title) ?>
</h1>
<span class='form-message'>
<?php echo $form_message ?>
<?php echo htmlspecialchars($form_message) ?>
</span>
<?php
foreach ($inputs as $kv) { ?>
<span class='form-key'>
<?php echo $kv['key'] ?>
<?php echo htmlspecialchars($kv['key']) ?>
</span>
<<?php echo (($kv['type'] == 'textarea') ? 'textarea' : 'input') ?>
class='form-input'
type="<?php echo $kv['type'] ?>"
name="<?php echo $kv['name'] ?>"
type="<?php echo htmlspecialchars($kv['type']) ?>"
name="<?php echo htmlspecialchars($kv['name']) ?>"
<?php echo ($kv['type'] == 'hidden') ? 'hidden' : ''?>
value="<?php echo ($kv['type'] == 'textarea') ? '' : $kv['default'] ?>"
><?php echo (($kv['type'] == 'textarea') ? $kv['default'] . '</textarea>' : '') ?>
value="<?php echo ($kv['type'] == 'textarea') ? '' : htmlspecialchars($kv['default']) ?>"
><?php echo (($kv['type'] == 'textarea') ? htmlspecialchars($kv['default']) . '</textarea>' : '') ?>
<?php }
?>
<input class='form-button' type="Submit" name="Submit">
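Review bot: The `action` attribute on the opening `<form>` tag is still echoed raw (`action="<?php echo $action ?>"`), so this commit leaves one output sink in the template unescaped. If any caller builds `$action` from request data (callers are not visible here), markup can still break out of that attribute. Escape it like the other values: `action="<?php echo htmlspecialchars($action, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?>"`. The added `htmlspecialchars()` calls rely on the default flags, which before PHP 8.1 do not encode single quotes; the attributes touched here are double-quoted, so that holds today, but passing the flags explicitly keeps the escaping correct if the quoting style changes. `form()` continues past the end of this hunk, so any output after the submit button was not reviewed.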