Add files via upload

Private/scripts/getxml.php

@@ -32,7 +32,8 @@ header("Content-type: text/xml");
 //
 // PARAMETER VALIDATION
 //
-$filename = filter_input(INPUT_GET, "f");
+$filename = filter_input(INPUT_GET, "f")??"";
+$filename = strip_tags($filename);
 //switch ($filename) {
 //  case "cube1":
 //  case "cube2":  

Private/scripts/home.php

@@ -28,9 +28,11 @@
 
 $curLocale = APP_LOCALE;
 
-$password = filter_input(INPUT_POST, "Password");
+$password = filter_input(INPUT_POST, "Password")??"";
+$password = strip_tags($password);
 if ($password==PHP_STR) {
-  $password = filter_input(INPUT_POST, "Password2");
+  $password = filter_input(INPUT_POST, "Password2")??"";
+  $password = strip_tags($password);
 }  
 
 if ($password !== PHP_STR) {	
@@ -856,4 +858,4 @@ if ($password !== PHP_STR) {
 <?php endif; ?>
   
 </body>
-</html>
+</html>