security: protect XSS seekers from their own hacks

CryptoTheOne · Apr 10, 2018 · e97ea63 · e97ea63
1 parent 60fb627
commit e97ea63
Show file tree

Hide file tree

Showing 3 changed files with 10 additions and 0 deletions.
diff --git a/web/yaamp/modules/renting/login.php b/web/yaamp/modules/renting/login.php
@@ -13,6 +13,9 @@
 
 $address = getparam('address');
 if($address == 0) $address = '';
+if (!empty($address) && preg_match('/[^A-Za-z0-9]/', $address)) {
+	die;
+}
 
 echo <<<end
 

diff --git a/web/yaamp/modules/site/wallet.php b/web/yaamp/modules/site/wallet.php
@@ -14,6 +14,10 @@
 }
 
 $address = getparam('address');
+if (!empty($address) && preg_match('/[^A-Za-z0-9]/', $address)) {
+	// Just to make happy XSS seekers who can hack their own browser html...
+	die;
+}
 
 $drop_address = getparam('drop');
 if (!empty($drop_address)) {

diff --git a/web/yaamp/modules/trading/index.php b/web/yaamp/modules/trading/index.php
@@ -10,6 +10,9 @@
 $height = '240px';
 
 $wallet = user()->getState('yaamp-wallet');
+if (!empty($wallet) && preg_match('/[^A-Za-z0-9]/', $wallet)) {
+	die;
+}
 $user = getuserparam($wallet);
 
 $algo_unit = 'Mh';