From 0b6daef5df355b6d0bc1ee2ae01b4f33a91760d2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Radovansk=C3=BD=2C=20Luk=C3=A1=C5=A1?=
 <radovluk@fel.cvut.cz>
Date: Fri, 17 Nov 2023 16:28:29 +0700
Subject: [PATCH] XSS Attack Vulnerability in LaguController

---
 tugas-besar-1-webtune-app/Controller/LaguController.php | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/tugas-besar-1-webtune-app/Controller/LaguController.php b/tugas-besar-1-webtune-app/Controller/LaguController.php
index 38bd8d3..1da2470 100644
--- a/tugas-besar-1-webtune-app/Controller/LaguController.php
+++ b/tugas-besar-1-webtune-app/Controller/LaguController.php
@@ -261,10 +261,11 @@ class LaguController
         $formData = $req->formData();
         // print_r($formData);
         //datanya
-        $title = $formData["title"];
-        $release_date = $formData["release_date"];
-        $singer_name = $formData["singer_name"];
-        $genre = $formData["genre"];
+        // Sanitizing user input
+        $title = htmlspecialchars($formData["title"], ENT_QUOTES, 'UTF-8');
+        $release_date = htmlspecialchars($formData["release_date"], ENT_QUOTES, 'UTF-8');
+        $singer_name = htmlspecialchars($formData["singer_name"], ENT_QUOTES, 'UTF-8');
+        $genre = htmlspecialchars($formData["genre"], ENT_QUOTES, 'UTF-8');
         //proses file
         //lagu
         $target_path_audio = "/";
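Review bot: The added `htmlspecialchars()` calls on `title`, `release_date`, `singer_name` and `genre` encode the values when they are read from `$formData`, not where they are written into HTML, so the XSS defence depends on every later consumer treating the stored text as pre-escaped. The method continues outside this hunk, so it is only inferred that these values are persisted. If they are, the database will hold HTML entities that double-encode in any view that escapes correctly, are wrong for JSON, JavaScript or URL contexts, and leave rows written by other code paths unescaped. I would keep the raw values here, validate them (for example, check `release_date` against the expected date format and reject missing keys), and escape in the template with `htmlspecialchars($title, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`. The comment `// Sanitizing user input` should say `// HTML-encode for output` or be dropped, since this encoding gives no protection to the SQL or file handling that appears to follow.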
-- 
GitLab