some more xss prevention

(cherry picked from commit 968c6ed8be)
Mario Vavti 2019-03-18 20:30:25 +00:00 committed by Mario
parent 8893d9edc4
commit 8559334339
5 changed files with 16 additions and 16 deletions


@ -414,12 +414,12 @@ class Channel extends Controller {
'$page' => ((App::$pager['page'] != 1) ? App::$pager['page'] : 1), '$page' => ((App::$pager['page'] != 1) ? App::$pager['page'] : 1),
'$search' => $search, '$search' => $search,
'$xchan' => '', '$xchan' => '',
'$order' => $order, '$order' => (($order) ? urlencode($order) : ''),,
'$list' => ((x($_REQUEST,'list')) ? intval($_REQUEST['list']) : 0), '$list' => ((x($_REQUEST,'list')) ? intval($_REQUEST['list']) : 0),
'$file' => '', '$file' => '',
'$cats' => (($category) ? urlencode($category) : ''), '$cats' => (($category) ? urlencode($category) : ''),
'$tags' => (($hashtags) ? urlencode($hashtags) : ''), '$tags' => (($hashtags) ? urlencode($hashtags) : ''),
'$mid' => $mid, '$mid' => (($mid) ? urlencode($mid) : ''),,
'$verb' => '', '$verb' => '',
'$net' => '', '$net' => '',
'$dend' => $datequery, '$dend' => $datequery,
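Review bot: The two rewritten entries end in a doubled comma as rendered here, `'$order' => (($order) ? urlencode($order) : ''),,` and likewise on the `'$mid'` line. PHP rejects an empty element in an array literal, so if this is what was committed the Channel controller would fail to load. Each entry should end in a single comma, e.g. `'$mid' => (($mid) ? urlencode($mid) : ''),`. Separately, `'$search' => $search` stays raw in this hunk while the Network hunk now encodes the same key. Unless `$search` is escaped earlier in the function (outside the hunk), it should get the same treatment: `'$search' => (($search) ? urlencode($search) : ''),`.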


@ -233,7 +233,7 @@ class Display extends \Zotlabs\Web\Controller {
'$dbegin' => '', '$dbegin' => '',
'$verb' => '', '$verb' => '',
'$net' => '', '$net' => '',
'$mid' => $mid '$mid' => (($mid) ? urlencode($mid) : '')
)); ));
head_add_link([ head_add_link([


@ -194,7 +194,7 @@ class Hq extends \Zotlabs\Web\Controller {
'$dbegin' => '', '$dbegin' => '',
'$verb' => '', '$verb' => '',
'$net' => '', '$net' => '',
'$mid' => $mid '$mid' => (($mid) ? urlencode($mid) : '')
]); ]);
} }


@ -368,19 +368,19 @@ class Network extends \Zotlabs\Web\Controller {
'$static' => $static, '$static' => $static,
'$list' => ((x($_REQUEST,'list')) ? intval($_REQUEST['list']) : 0), '$list' => ((x($_REQUEST,'list')) ? intval($_REQUEST['list']) : 0),
'$page' => ((App::$pager['page'] != 1) ? App::$pager['page'] : 1), '$page' => ((App::$pager['page'] != 1) ? App::$pager['page'] : 1),
'$search' => (($search) ? $search : ''), '$search' => (($search) ? urlencode($search) : ''),
'$xchan' => $xchan, '$xchan' => (($xchan) ? urlencode($xchan) : ''),
'$order' => $order, '$order' => $order,
'$file' => $file, '$file' => (($file) ? urlencode($file) : ''),
'$cats' => urlencode($category), '$cats' => (($category) ? urlencode($category) : ''),
'$tags' => urlencode($hashtags), '$tags' => (($hashtags) ? urlencode($hashtags) : ''),
'$dend' => $datequery, '$dend' => $datequery,
'$mid' => '', '$mid' => '',
'$verb' => $verb, '$verb' => (($verb) ? urlencode($verb) : ''),
'$net' => $net, '$net' => (($net) ? urlencode($net) : ''),
'$dbegin' => $datequery2, '$dbegin' => $datequery2,
'$pf' => (($pf) ? $pf : '0'), '$pf' => (($pf) ? intval($pf) : 0),
'$unseen' => $unseen '$unseen' => (($unseen) ? urlencode($unseen) : '')
)); ));
} }
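Review bot: `'$order' => $order`, `'$dend' => $datequery` and `'$dbegin' => $datequery2` are still passed through unencoded, although most of their neighbours in this array are now encoded and the Channel hunk does encode `$order`. Where these variables are assigned is outside the hunk, so they may already be validated. If they are not, they are the same reflected-output sink this commit is closing, and `'$order' => (($order) ? urlencode($order) : ''),` would bring this line in step with Channel (`$datequery` is also passed raw in the Channel hunk). If they are known to be safe, a short comment such as `// $order, $datequery, $datequery2 are normalised above` would stop the next reader from assuming an omission.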


@ -149,11 +149,11 @@ class Pubstream extends \Zotlabs\Web\Controller {
'$order' => 'comment', '$order' => 'comment',
'$file' => '', '$file' => '',
'$cats' => '', '$cats' => '',
'$tags' => $hashtags, '$tags' => (($hashtags) ? urlencode($hashtags) : ''),
'$dend' => '', '$dend' => '',
'$mid' => $mid, '$mid' => (($mid) ? urlencode($mid) : ''),
'$verb' => '', '$verb' => '',
'$net' => $net, '$net' => (($net) ? urlencode($net) : ''),
'$dbegin' => '' '$dbegin' => ''
)); ));
} }