Commit b944c43c authored by chandi's avatar chandi Committed by Matthias Larisch

fix reflected XSS in xhrapp.php?app=quiz&m=next

parent 2a3a2b76
......@@ -554,9 +554,7 @@ class QuizXhr extends Control
* Have a look has the user entered an comment for this question?
*/
if (isset($_GET['comment']) && !empty($_GET['comment'])) {
$comment = strip_tags($_GET['comment']);
$comment = $_GET['commentanswers'] . $comment;
$comment = strip_tags($_GET['commentanswers'] . $_GET['comment']);
// if yes lets store in the db
$this->model->addUserComment((int)$_GET['qid'], $comment);
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment