Sanitize input in AdminPage::get_concerts.

author: Harald Eilertsen <haraldei@anduin.net> 2021-04-02 12:43:16 +0200
committer: Harald Eilertsen <haraldei@anduin.net> 2021-04-02 12:43:16 +0200
commit: a0359acccbecbea6be0e73e0957f2ddc0e2eb941 (patch)
tree: b6482a0b9b2caefdcfa376dc7eb33bf7a8cb59df /includes/admin/views/giglog_admin_page.php
parent: 65d1dcfb5ce005f7806b1c8d3e2ffbd52ffe4318 (diff)
download: gigologadmin-a0359acccbecbea6be0e73e0957f2ddc0e2eb941.tar.gz
gigologadmin-a0359acccbecbea6be0e73e0957f2ddc0e2eb941.tar.bz2
gigologadmin-a0359acccbecbea6be0e73e0957f2ddc0e2eb941.zip
1 files changed, 2 insertions, 2 deletions
diff --git a/includes/admin/views/giglog_admin_page.php b/includes/admin/views/giglog_admin_page.php
index b99c95e..0f8df53 100644
--- a/includes/admin/views/giglog_admin_page.php
+++ b/includes/admin/views/giglog_admin_page.php
@@ -100,10 +100,10 @@ if ( !class_exists( 'GiglogAdmin_AdminPage' ) ) {
                 <th>STATUS</th></tr>';
 
             // Use the submitted "city" if any. Otherwise, use the default/static value.
-            $cty = filter_input( INPUT_POST, 'selectcity' );
+            $cty = filter_input( INPUT_POST, 'selectcity', FILTER_SANITIZE_SPECIAL_CHARS );
             $cty = $cty ? $cty: 'ALL';
 
-            $venue = filter_input( INPUT_POST, 'selectvenue' );
+            $venue = filter_input( INPUT_POST, 'selectvenue', FILTER_SANITIZE_SPECIAL_CHARS );
             $venue = $venue ? $venue : '0';
author	Harald Eilertsen <haraldei@anduin.net>	2021-04-02 12:43:16 +0200
committer	Harald Eilertsen <haraldei@anduin.net>	2021-04-02 12:43:16 +0200
commit	a0359acccbecbea6be0e73e0957f2ddc0e2eb941 (patch)
tree	b6482a0b9b2caefdcfa376dc7eb33bf7a8cb59df /includes/admin/views/giglog_admin_page.php
parent	65d1dcfb5ce005f7806b1c8d3e2ffbd52ffe4318 (diff)
download	gigologadmin-a0359acccbecbea6be0e73e0957f2ddc0e2eb941.tar.gz gigologadmin-a0359acccbecbea6be0e73e0957f2ddc0e2eb941.tar.bz2 gigologadmin-a0359acccbecbea6be0e73e0957f2ddc0e2eb941.zip