xss in search

This commit is contained in:
zotlabs 2018-11-13 14:23:56 -08:00
parent 4a6b45cf04
commit 31f4d9066b


@ -6,7 +6,7 @@ class Search extends \Zotlabs\Web\Controller {
function init() { function init() {
if(x($_REQUEST,'search')) if(x($_REQUEST,'search'))
\App::$data['search'] = $_REQUEST['search']; \App::$data['search'] = escape_tags($_REQUEST['search']);
} }
@ -46,12 +46,12 @@ class Search extends \Zotlabs\Web\Controller {
if(x(\App::$data,'search')) if(x(\App::$data,'search'))
$search = trim(\App::$data['search']); $search = trim(\App::$data['search']);
else else
$search = ((x($_GET,'search')) ? trim(rawurldecode($_GET['search'])) : ''); $search = ((x($_GET,'search')) ? trim(escape_tags(rawurldecode($_GET['search']))) : '');
$tag = false; $tag = false;
if(x($_GET,'tag')) { if(x($_GET,'tag')) {
$tag = true; $tag = true;
$search = ((x($_GET,'tag')) ? trim(rawurldecode($_GET['tag'])) : ''); $search = ((x($_GET,'tag')) ? trim(escape_tags(rawurldecode($_GET['tag']))) : '');
} }
$static = ((array_key_exists('static',$_REQUEST)) ? intval($_REQUEST['static']) : 0); $static = ((array_key_exists('static',$_REQUEST)) ? intval($_REQUEST['static']) : 0);