Resolução XSS [Issue #879]

LabRedesCefetRJ · Jan 6, 2025 · 824e4c5 · 824e4c5
1 parent 0b1b613
commit 824e4c5
Showing 1 changed file with 3 additions and 3 deletions.
diff --git a/html/geral/modulos_visiveis.php b/html/geral/modulos_visiveis.php
@@ -176,13 +176,13 @@
 										<form method="post" id="formulario" action="<?php echo(WWW.'controle/control.php'); ?>">
 										<?php
 											if(isset($_GET['msg_c'])){
-												$msg = $_GET['msg_c'];
+												$msg = filter_input(INPUT_GET, 'msg_c', FILTER_SANITIZE_STRING);
 												echo('<div class="alert alert-success" role="alert">
-												'. $msg .'
+												'. htmlspecialchars($msg) .'
 											  </div>');
 											}
 											if($permissao == 1){
-												echo($msg." - ".$permissao);
+												echo(htmlspecialchars($msg)." - ".$permissao);
 											}else{
 										?>
 											<div class="form-group">