fix hostname lookup xss in admin panel reported in issue 123 by Sin42

rodirefill · Nov 21, 2019 · e0b6965 · e0b6965
1 parent 66df66c
commit e0b6965
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/include/layout/user.inc.php b/include/layout/user.inc.php
@@ -300,7 +300,7 @@ function print_user_ip_log($user_id, $limit = 0) {
         echo '
         <tr>
             <td><a href="',Config::get('MELLIVORA_CONFIG_SITE_ADMIN_URL'),'list_ip_log.php?ip=',htmlspecialchars($entry['ip']),'">',htmlspecialchars($entry['ip']),'</a></td>
-            <td>',(Config::get('MELLIVORA_CONFIG_GET_IP_HOST_BY_ADDRESS') ? gethostbyaddr($entry['ip']) : '<i>Lookup disabled in config</i>'),'</td>
+            <td>',(Config::get('MELLIVORA_CONFIG_GET_IP_HOST_BY_ADDRESS') ? htmlspecialchars(gethostbyaddr($entry['ip'])) : '<i>Lookup disabled in config</i>'),'</td>
             <td>',date_time($entry['added']),'</td>
             <td>',date_time($entry['last_used']),'</td>
             <td>',number_format($entry['times_used']),'</td>