Fix XSS vulnerability in tag search (#2039)

It affect the title tag of the bookmark list page.
Fixes shaarli/Shaarli#2038
This commit is contained in:
ArthurHoaro 2023-11-22 10:29:30 -05:00 committed by GitHub
parent ca07f265f1
commit 326870f216
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

View file

@ -82,6 +82,9 @@ class BookmarkListController extends ShaarliVisitorController
$searchTagsUrlEncoded = array_map('urlencode', tags_str2array($searchTags, $tagsSeparator));
$searchTags = !empty($searchTags) ? trim($searchTags, $tagsSeparator) . $tagsSeparator : '';
$searchTags = !empty($searchTags) ? escape($searchTags) : '';
$searchTerm = !empty($searchTerm) ? escape($searchTerm) : '';
// Fill all template fields.
$data = array_merge(
$this->initializeTemplateVars(),
@ -91,8 +94,8 @@ class BookmarkListController extends ShaarliVisitorController
'page_current' => $page,
'page_max' => $searchResult->getLastPage(),
'result_count' => $searchResult->getTotalCount(),
'search_term' => escape($searchTerm),
'search_tags' => escape($searchTags),
'search_term' => $searchTerm,
'search_tags' => $searchTags,
'search_tags_url' => $searchTagsUrlEncoded,
'visibility' => $visibility,
'links' => $links,