From 31f4d9066b6bffcbe539f293bf814c418f1523cf Mon Sep 17 00:00:00 2001 From: zotlabs Date: Tue, 13 Nov 2018 14:23:56 -0800 Subject: xss in search --- Zotlabs/Module/Search.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'Zotlabs/Module/Search.php') diff --git a/Zotlabs/Module/Search.php b/Zotlabs/Module/Search.php index e520c671d..272bbdac1 100644 --- a/Zotlabs/Module/Search.php +++ b/Zotlabs/Module/Search.php @@ -6,7 +6,7 @@ class Search extends \Zotlabs\Web\Controller { function init() { if(x($_REQUEST,'search')) - \App::$data['search'] = $_REQUEST['search']; + \App::$data['search'] = escape_tags($_REQUEST['search']); } @@ -46,12 +46,12 @@ class Search extends \Zotlabs\Web\Controller { if(x(\App::$data,'search')) $search = trim(\App::$data['search']); else - $search = ((x($_GET,'search')) ? trim(rawurldecode($_GET['search'])) : ''); + $search = ((x($_GET,'search')) ? trim(escape_tags(rawurldecode($_GET['search']))) : ''); $tag = false; if(x($_GET,'tag')) { $tag = true; - $search = ((x($_GET,'tag')) ? trim(rawurldecode($_GET['tag'])) : ''); + $search = ((x($_GET,'tag')) ? trim(escape_tags(rawurldecode($_GET['tag']))) : ''); } $static = ((array_key_exists('static',$_REQUEST)) ? intval($_REQUEST['static']) : 0); -- cgit v1.2.3