Merge pull request #798 from QuizandSurveyMaster/dev-636

Solved XSS Vulnerability #795
QuizandSurveyMaster · Nov 20, 2019 · 96602bf · 96602bf · strongPiggg · Nov 20, 2019
2 parents 6d5dfb4 + 8eabe04
commit 96602bf
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/php/admin/quiz-options-page.php b/php/admin/quiz-options-page.php
@@ -159,7 +159,7 @@ function qsm_generate_quiz_options() {
                                     <form action='' method='post' id="edit-name-form">
                                             <label><?php _e( 'Name', 'quiz-master-next' ); ?></label>
                                             <input type="text" id="edit_quiz_name" name="edit_quiz_name" value="<?php echo $quiz_name; ?>" />
-                                             <input type="hidden" id="edit_quiz_id" name="edit_quiz_id" value="<?php echo isset($_GET['quiz_id']) ? $_GET['quiz_id'] : ''; ?>" />
+                                            <input type="hidden" id="edit_quiz_id" name="edit_quiz_id" value="<?php echo isset($_GET['quiz_id']) && is_int($_GET['quiz_id']) ? (int) $_GET['quiz_id'] : '0'; ?>" />
                                             <?php wp_nonce_field( 'qsm_edit_name_quiz', 'qsm_edit_name_quiz_nonce' ); ?>
                                     </form>
                             </main>