fix(profile): neutralize stored XSS in profile descriptions [#250] (#252)

This commit is contained in:
Ferywir
2026-06-22 15:31:20 +02:00
committed by GitHub
parent 4b208dbfd8
commit 9d2d7699a9
5 changed files with 36 additions and 7 deletions
+5
View File
@@ -239,6 +239,11 @@ class Profile {
$database->setVillageName($varray[$i]['wref'], $newName);
}
// Invalidate the 30s session user-cache (see Session::PopulateVar) so the
// saved description/birthday/etc. show up immediately on the edit form and
// header, without waiting for the cache to expire (issue #250).
unset($_SESSION['cache_user_' . ($_SESSION['username'] ?? '')]);
header("Location: spieler.php?uid=" . $session->uid);
exit;
}