more xss protections because html a shit A SHIT

2023-04-03 14:20:47 +02:00 · 2023-04-03 14:20:47 +02:00 · 5db9926166
parent 0ac577f398
commit 5db9926166
1 changed files with 4 additions and 1 deletions
--- a/registerform.sh
+++ b/registerform.sh
@ -5,6 +5,9 @@ sendcaptchashort() {
 	curl --silent -XPOST "$captchouliurl" -H "$HTTP_CONTENT_TYPE" -d "$1" > /dev/null
 }

+htmlspecialchars() {
+	echo "$1" | sed -e 's/&/,amp/g' -e 's/"/,quot/g' -e 's/</,lt/g' -e 's/>/,gt/g' | head -n 1 
+}

 registrationpage() {
 	echo "Content-type: text/html"
@ -48,7 +51,7 @@ registrationpage() {

 # get post body from captchouli to check if its valid later
 data=$(cat)
-id=$(echo "$data" | cut -d '=' -f 2 | cut -d '&' -f 1)
+id=$(htmlspecialchars $(echo "$data" | cut -d '=' -f 2 | cut -d '&' -f 1))

 registrationpage
 # sends the captcha id to capthouli so it knows it was solved