From a0359acccbecbea6be0e73e0957f2ddc0e2eb941 Mon Sep 17 00:00:00 2001
From: Harald Eilertsen
Date: Fri, 2 Apr 2021 12:43:16 +0200
Subject: Sanitize input in AdminPage::get_concerts.
---
 includes/admin/views/giglog_admin_page.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/includes/admin/views/giglog_admin_page.php b/includes/admin/views/giglog_admin_page.php
index b99c95e..0f8df53 100644
--- a/includes/admin/views/giglog_admin_page.php
+++ b/includes/admin/views/giglog_admin_page.php
@@ -100,10 +100,10 @@ if ( !class_exists( 'GiglogAdmin_AdminPage' ) ) {
 STATUS';
 // Use the submitted "city" if any. Otherwise, use the default/static value.
- $cty = filter_input( INPUT_POST, 'selectcity' );
+ $cty = filter_input( INPUT_POST, 'selectcity', FILTER_SANITIZE_SPECIAL_CHARS );
 $cty = $cty ? $cty: 'ALL';
- $venue = filter_input( INPUT_POST, 'selectvenue' );
+ $venue = filter_input( INPUT_POST, 'selectvenue', FILTER_SANITIZE_SPECIAL_CHARS );
 $venue = $venue ? $venue : '0';
-- 
cgit v1.2.3
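Review bot: `FILTER_SANITIZE_SPECIAL_CHARS` on the two `filter_input()` calls HTML-encodes `'`, `"`, `<`, `>` and `&`, which is output escaping applied at input time and does not make the values safe for a SQL context. The `STATUS';` line above looks like the tail of a query string, so if `$cty` and `$venue` are later concatenated into that query (the rest of `get_concerts` is outside this hunk), they should be bound through a prepared statement such as `$wpdb->prepare()` rather than relying on entity encoding. The `'0'` default suggests `selectvenue` is a numeric id, in which case `$venue = filter_input( INPUT_POST, 'selectvenue', FILTER_VALIDATE_INT );` rejects anything that is not an integer. Encoding at input also means a city name containing `&` or `'` will no longer compare equal to the stored value, and will be double-encoded if it is escaped again on output.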