List: kde-commits
Subject: [websites/quality-kde-org] website/api.kde.org: Protect against XSS
From: Albert Astals Cid <null () kde ! org>
Date: 2017-08-22 23:09:10
Message-ID: E1dkIII-0006wi-RF () code ! kde ! org
Git commit 03be29160a73861748e9fa25930eadb979ec40b0 by Albert Astals Cid.
Committed on 22/08/2017 at 23:09.
Pushed by aacid into branch 'master'.
Protect against XSS
M +1 -1 website/api.kde.org/includes/search.inc
M +3 -3 website/api.kde.org/mapsearcher.php
https://commits.kde.org/websites/quality-kde-org/03be29160a73861748e9fa25930eadb979ec40b0
diff --git a/website/api.kde.org/includes/search.inc b/website/api.kde.org/includes/search.inc
index e714ca2..a37574c 100644
--- a/website/api.kde.org/includes/search.inc
+++ b/website/api.kde.org/includes/search.inc
@@ -11,7 +11,7 @@
?>
<form action="/mapsearcher.php" method="get">
-<input type="text" name="class" value="<?php if (array_key_exists('class',$_GET)) { echo $_GET["class"]; } else { echo "search term"; } ?>" style="width:100%;" onClick="this.value='';"/><br/>
+<input type="text" name="class" value="<?php if (array_key_exists('class',$_GET)) { echo htmlentities($_GET["class"]); } else { echo "search term"; } ?>" style="width:100%;" onClick="this.value='';"/><br/>
 <select name="module">
 <option>ALL</option>
<option>kdelibs</option>
diff --git a/website/api.kde.org/mapsearcher.php b/website/api.kde.org/mapsearcher.php
index c21eba0..05ecf8a 100644
--- a/website/api.kde.org/mapsearcher.php
+++ b/website/api.kde.org/mapsearcher.php
@@ -3,17 +3,17 @@
# Default to ALL in ALL and no class
$version = 'ALL';
if (array_key_exists('version',$_GET)) {
- $version = $_GET['version'];
+ $version = htmlentities($_GET['version']);
}
$class = '';
if (array_key_exists('class',$_GET)) {
- $class = $_GET['class'];
+ $class = htmlentities($_GET['class']);
}
$module = 'ALL';
if (array_key_exists('module',$_GET)) {
- $module = $_GET['module'];
+ $module = htmlentities($_GET['module']);
}
$potential_files = false;
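Review bot: The encoding on the three added lines is applied at input time, so the HTML-encoded `$version`, `$class` and `$module` are what the rest of mapsearcher.php works with; if they are later used as lookup keys or path components (the `$potential_files` that follows suggests a file lookup, which the hunk does not show) a legitimate value containing `&`, `<` or a quote will no longer match, and any later output into a non-HTML context (URL, JavaScript) is still unencoded. The more robust shape is to keep the raw `$_GET` value in these variables and encode at each echo site with the function that fits that context. Whichever site encodes, `htmlentities()` with its pre-8.1 default flags (ENT_COMPAT) leaves single quotes untouched, so prefer `htmlspecialchars($_GET['version'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` here and for `class` and `module`, and likewise for the `value="..."` echo in the search.inc hunk. A query string of the form `?version[]=x` also makes `$_GET['version']` an array, on which `htmlentities()` emits a warning and returns null, so an `is_string($_GET['version'])` check alongside the `array_key_exists` test would keep the `'ALL'`/`''` defaults on malformed input.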