authorzotlabs <mike@macgirvin.com>2018-11-13 14:23:56 -0800
committerzotlabs <mike@macgirvin.com>2018-11-13 14:23:56 -0800
commit31f4d9066b6bffcbe539f293bf814c418f1523cf (patch)
treed892da2fd7b361e8dc8b32d0dcc4c00ff010f395
parent4a6b45cf048f4561cbeecab9a487ce55cdc4ddfd (diff)
xss in search
-rw-r--r--Zotlabs/Module/Search.php6
1 files changed, 3 insertions, 3 deletions
diff --git a/Zotlabs/Module/Search.php b/Zotlabs/Module/Search.php
index e520c671d..272bbdac1 100644
--- a/Zotlabs/Module/Search.php
+++ b/Zotlabs/Module/Search.php
@@ -6,7 +6,7 @@ class Search extends \Zotlabs\Web\Controller {
function init() {
if(x($_REQUEST,'search'))
- \App::$data['search'] = $_REQUEST['search'];
+ \App::$data['search'] = escape_tags($_REQUEST['search']);
}
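Review bot: Escaping in init() stores an HTML-encoded string in `\App::$data['search']`, and the second hunk shows get() reading that same value back as `$search`, so the encoded form presumably feeds the term lookup as well as the page output. A query containing `&`, `<` or `"` would then be matched in its entity-encoded form, and any template that escapes on output would double-encode it. Consider keeping the raw term for lookup and encoding at the point of rendering, or at least record the contract next to the assignment, e.g. `// stored HTML-escaped: do not escape again on output, do not use as raw text`. The parameter is also handed to escape_tags() without a type check, so an array-valued `search` should be rejected first, e.g. `if(x($_REQUEST,'search') && is_string($_REQUEST['search']))`. escape_tags() is defined outside this diff, so its exact behaviour is inferred from its name.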
@@ -46,12 +46,12 @@ class Search extends \Zotlabs\Web\Controller {
if(x(\App::$data,'search'))
$search = trim(\App::$data['search']);
else
- $search = ((x($_GET,'search')) ? trim(rawurldecode($_GET['search'])) : '');
+ $search = ((x($_GET,'search')) ? trim(escape_tags(rawurldecode($_GET['search']))) : '');
$tag = false;
if(x($_GET,'tag')) {
$tag = true;
- $search = ((x($_GET,'tag')) ? trim(rawurldecode($_GET['tag'])) : '');
+ $search = ((x($_GET,'tag')) ? trim(escape_tags(rawurldecode($_GET['tag']))) : '');
}
$static = ((array_key_exists('static',$_REQUEST)) ? intval($_REQUEST['static']) : 0);
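Review bot: The two `$_GET` fallbacks are escaped call by call, so the fix holds only as long as every read of `search` and `tag` repeats the same wrapper; get() continues past this hunk, so the places where `$search` is rendered are not visible here. PHP has already URL-decoded `$_GET`, which makes `rawurldecode()` a second decode, and escape_tags() must therefore stay outermost; a comment such as `// escape after the final decode, never before` would keep a later edit from reordering the calls. Whether attribute contexts are covered depends on which quote characters escape_tags() encodes, so the template that prints the term inside an attribute should be checked against that. The inner ternary in the tag branch re-tests a condition the enclosing `if` already established and can be reduced to `$search = trim(escape_tags(rawurldecode($_GET['tag'])));`.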