feat: implement safe title processing in MainContent, MainContentTabbed, and MainContentTabless

- Introduced a new function `processTitle` to safely handle page titles by replacing PHP variables with their values without using eval.
- Updated title handling in MainContent, MainContentTabbed, and MainContentTabless to utilize the new `processTitle` function, enhancing security and maintainability.
This commit is contained in:
Zack Spear
2025-05-09 13:23:03 -07:00
parent 4ab619b94a
commit 9d0db98241
3 changed files with 26 additions and 10 deletions


@@ -10,10 +10,7 @@
<? $i = 0; ?>
<? foreach ($pages as $page): ?>
<? if (!isset($page['Title'])) continue; ?>
<?
/** ensures variables in any .page title are used */
eval("\$title=\"".htmlspecialchars((string)$page['Title'])."\";");
?>
<? $title = processTitle($page['Title']); ?>
<? $tabId = "tab" . ($i+1); ?>
<button
role="tab"
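Review bot: the new `$title = processTitle($page['Title']);` line no longer shows the `htmlspecialchars(...)` call that the removed `eval` line applied to the title, and the body of `processTitle` is not part of this hunk, so it is not visible here whether `$title` is still HTML-escaped before it is written into the tab button. Please confirm that `processTitle` escapes its result, including the variable values it substitutes (the old line escaped only the title template, before interpolation), or escape at the point where `$title` is echoed, and state in the `processTitle` docblock which of the two callers should rely on.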
@@ -35,6 +32,7 @@
if (!isset($page['Title'])) {
continue;
}
$title = processTitle($page['Title']);
$tabId = "tab" . ($i+1);
annotate($page['file']);
?>
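Review bot: the `$title = processTitle($page['Title']);` line added here repeats, for the same `$page['Title']`, the call already made in the tab button loop earlier in this file, so each title is processed twice and the two call sites can drift apart if only one is changed later. Consider computing the processed titles once before both loops and reading the stored value in each. Separately, `isset($page['Title'])` also passes for non-string values, and the removed code cast with `(string)$page['Title']`; either keep that cast at the call sites or have `processTitle` cast or reject non-string input explicitly.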