From 8909fea4b13db74f2daffc32d7973db73ab977e3 Mon Sep 17 00:00:00 2001
From: Michele0303 <31160531+Michele0303@users.noreply.github.com>
Date: Tue, 2 Aug 2022 19:55:09 +0200
Subject: [PATCH] multiple cross-site scripting reflected fixed
---
.../src/main/resources/extracted/web/standalone/MySQL_tiles.php | 2 +-
.../resources/extracted/web/standalone/PostgreSQL_markers.php | 2 +-
.../resources/extracted/web/standalone/PostgreSQL_tiles.php | 2 +-
.../main/resources/extracted/web/standalone/SQLite_markers.php | 2 +-
.../main/resources/extracted/web/standalone/SQLite_tiles.php | 2 +-
.../src/main/resources/extracted/web/standalone/markers.php | 2 +-
.../src/main/resources/extracted/web/standalone/tiles.php | 2 +-
7 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/DynmapCore/src/main/resources/extracted/web/standalone/MySQL_tiles.php b/DynmapCore/src/main/resources/extracted/web/standalone/MySQL_tiles.php
index 51699bc1..00c3af2b 100644
--- a/DynmapCore/src/main/resources/extracted/web/standalone/MySQL_tiles.php
+++ b/DynmapCore/src/main/resources/extracted/web/standalone/MySQL_tiles.php
@@ -19,7 +19,7 @@ if (strcmp($userid, '-guest-')) {
$loggedin = true;
}
-$path = $_REQUEST['tile'];
+$path = htmlspecialchars($_REQUEST['tile']);
if ((!isset($path)) || strstr($path, "..")) {
header('HTTP/1.0 500 Error');
echo "
500 Error
";
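Review bot: The `!isset($path)` test on the line after the added assignment can no longer fire, because `htmlspecialchars()` always hands back a string; a request without `tile` used to get the 500 response and now continues with an empty `$path`. Validate the raw value before encoding, e.g. `$path = isset($_REQUEST['tile']) ? $_REQUEST['tile'] : null;` followed by `if (!is_string($path) || strstr($path, "..")) {`, which also rejects array-valued parameters. Encoding at assignment also changes the value that the rest of the script (outside this hunk) presumably uses to locate the tile, so names containing `&` or quotes would no longer match; escaping at the statement that echoes the value, with `htmlspecialchars($path, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`, keeps the lookup key intact and covers single quotes, which the default flags before PHP 8.1 leave alone. The same applies to the identical hunks in PostgreSQL_markers.php, PostgreSQL_tiles.php, SQLite_markers.php, SQLite_tiles.php, markers.php and tiles.php (with `marker` instead of `tile` in the markers files).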
diff --git a/DynmapCore/src/main/resources/extracted/web/standalone/PostgreSQL_markers.php b/DynmapCore/src/main/resources/extracted/web/standalone/PostgreSQL_markers.php
index 76beb457..98fc1cb3 100644
--- a/DynmapCore/src/main/resources/extracted/web/standalone/PostgreSQL_markers.php
+++ b/DynmapCore/src/main/resources/extracted/web/standalone/PostgreSQL_markers.php
@@ -19,7 +19,7 @@ if (strcmp($userid, '-guest-')) {
$loggedin = true;
}
-$path = $_REQUEST['marker'];
+$path = htmlspecialchars($_REQUEST['marker']);
if ((!isset($path)) || strstr($path, "..")) {
header('HTTP/1.0 500 Error');
echo "500 Error
";
diff --git a/DynmapCore/src/main/resources/extracted/web/standalone/PostgreSQL_tiles.php b/DynmapCore/src/main/resources/extracted/web/standalone/PostgreSQL_tiles.php
index b95d00cd..c2e1fb65 100644
--- a/DynmapCore/src/main/resources/extracted/web/standalone/PostgreSQL_tiles.php
+++ b/DynmapCore/src/main/resources/extracted/web/standalone/PostgreSQL_tiles.php
@@ -19,7 +19,7 @@ if (strcmp($userid, '-guest-')) {
$loggedin = true;
}
-$path = $_REQUEST['tile'];
+$path = htmlspecialchars($_REQUEST['tile']);
if ((!isset($path)) || strstr($path, "..")) {
header('HTTP/1.0 500 Error');
echo "500 Error
";
diff --git a/DynmapCore/src/main/resources/extracted/web/standalone/SQLite_markers.php b/DynmapCore/src/main/resources/extracted/web/standalone/SQLite_markers.php
index 769f2562..7707bc9a 100644
--- a/DynmapCore/src/main/resources/extracted/web/standalone/SQLite_markers.php
+++ b/DynmapCore/src/main/resources/extracted/web/standalone/SQLite_markers.php
@@ -17,7 +17,7 @@ if (strcmp($userid, '-guest-')) {
$loggedin = true;
}
-$path = $_REQUEST['marker'];
+$path = htmlspecialchars($_REQUEST['marker']);
if ((!isset($path)) || strstr($path, "..")) {
header('HTTP/1.0 500 Error');
echo "500 Error
";
diff --git a/DynmapCore/src/main/resources/extracted/web/standalone/SQLite_tiles.php b/DynmapCore/src/main/resources/extracted/web/standalone/SQLite_tiles.php
index 83cfaf29..9feea7fb 100644
--- a/DynmapCore/src/main/resources/extracted/web/standalone/SQLite_tiles.php
+++ b/DynmapCore/src/main/resources/extracted/web/standalone/SQLite_tiles.php
@@ -17,7 +17,7 @@ if (strcmp($userid, '-guest-')) {
$loggedin = true;
}
-$path = $_REQUEST['tile'];
+$path = htmlspecialchars($_REQUEST['tile']);
if ((!isset($path)) || strstr($path, "..")) {
header('HTTP/1.0 500 Error');
echo "500 Error
";
diff --git a/DynmapCore/src/main/resources/extracted/web/standalone/markers.php b/DynmapCore/src/main/resources/extracted/web/standalone/markers.php
index 795ef8de..541e0ebc 100644
--- a/DynmapCore/src/main/resources/extracted/web/standalone/markers.php
+++ b/DynmapCore/src/main/resources/extracted/web/standalone/markers.php
@@ -24,7 +24,7 @@ if (strcmp($userid, '-guest-')) {
$loggedin = true;
}
-$path = $_REQUEST['marker'];
+$path = htmlspecialchars($_REQUEST['marker']);
if ((!isset($path)) || strstr($path, "..")) {
header('HTTP/1.0 500 Error');
echo "500 Error
";
diff --git a/DynmapCore/src/main/resources/extracted/web/standalone/tiles.php b/DynmapCore/src/main/resources/extracted/web/standalone/tiles.php
index fdcf8c6d..11e46df4 100644
--- a/DynmapCore/src/main/resources/extracted/web/standalone/tiles.php
+++ b/DynmapCore/src/main/resources/extracted/web/standalone/tiles.php
@@ -24,7 +24,7 @@ if (strcmp($userid, '-guest-')) {
$loggedin = true;
}
-$path = $_REQUEST['tile'];
+$path = htmlspecialchars($_REQUEST['tile']);
if ((!isset($path)) || strstr($path, "..")) {
header('HTTP/1.0 500 Error');
echo "500 Error
";