
Barry Fixing XSS and RCE vulnerabilities f3862a9 (3 years, 11 months ago)
diff --git a/git.php b/git.php
index cd6a7a1..5dfee33 100644
--- a/git.php
+++ b/git.php
@@ -196,13 +196,20 @@ ob_start();
 		<h1><?php echo $TITLE; ?></h1>
 <?php
 	$path = $_SERVER["PATH_INFO"];
+	$path = str_replace("\"","\\\"",$path);
+	$path = str_replace("'","\'",$path);
+	$path = str_replace("$","\$",$path);
+	$path = str_replace(")","\)",$path);
+	$path = str_replace("(","\(",$path);
+	$path = str_replace("`","\`",$path);
+	$path = str_replace("|","\|",$path);
 	if (!isset($path) || $path === "") {header("Location: ".$ROOT.$SCRIPT."/");}
 
 	echo "		<span class=\"path\"><a href=\"".$ROOT.$SCRIPT."/\">".$TITLE."</a>";
 	$full = $ROOT.$SCRIPT;
 	foreach (explode("/", substr($path,1)) as $part) {
-		$full .= "/".$part;
-		echo "/<a href=\"".$full."\">".$part."</a>";
+		$full .= "/".htmlspecialchars($part);
+		echo "/<a href=\"".$full."\">".htmlspecialchars($part)."</a>";
 	}
 	echo "</span><br><br>\n";