Fix XSS vulnerability in tag search (#2039)
It affects the title tag of the bookmark list page. Fixes shaarli/Shaarli#2038
parent
ca07f265f1
commit
326870f216
1 changed files with 5 additions and 2 deletions
|
@ -82,6 +82,9 @@ class BookmarkListController extends ShaarliVisitorController
|
|||
$searchTagsUrlEncoded = array_map('urlencode', tags_str2array($searchTags, $tagsSeparator));
|
||||
$searchTags = !empty($searchTags) ? trim($searchTags, $tagsSeparator) . $tagsSeparator : '';
|
||||
|
||||
$searchTags = !empty($searchTags) ? escape($searchTags) : '';
|
||||
$searchTerm = !empty($searchTerm) ? escape($searchTerm) : '';
|
||||
|
||||
// Fill all template fields.
|
||||
$data = array_merge(
|
||||
$this->initializeTemplateVars(),
|
||||
|
@ -91,8 +94,8 @@ class BookmarkListController extends ShaarliVisitorController
|
|||
'page_current' => $page,
|
||||
'page_max' => $searchResult->getLastPage(),
|
||||
'result_count' => $searchResult->getTotalCount(),
|
||||
'search_term' => escape($searchTerm),
|
||||
'search_tags' => escape($searchTags),
|
||||
'search_term' => $searchTerm,
|
||||
'search_tags' => $searchTags,
|
||||
'search_tags_url' => $searchTagsUrlEncoded,
|
||||
'visibility' => $visibility,
|
||||
'links' => $links,
|
||||
|
|
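Review bot: The two added assignments overwrite `$searchTags` and `$searchTerm` with their HTML-escaped form, so from that line on the same names hold encoded text and nothing in the code says so. A later use that needs the raw value (splitting on the separator, building a URL) or that escapes again would silently get wrong or double-encoded data. I would keep the raw values and introduce `$searchTagsEscaped` / `$searchTermEscaped`, or at least add a comment above the assignments such as `// HTML-escape once here; raw uses (search, URL encoding) must stay above this line`. Separately, `!empty($searchTerm)` is false for the string `'0'`, so a search for `0` now reaches the template as an empty string where the old `escape($searchTerm)` presumably passed it through; `$searchTerm !== ''` (with a null check if the caller can pass null) avoids that. The enclosing method starts and ends outside the visible hunks, so the title-building code this fix targets is not shown here.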