Fix security issue reported by @chbi
Vulnerability introduced by 6ccd0b218f
- release with Shaarli v0.9.1.
This commit is contained in:
parent
a59bbf50d7
commit
d14555a3df
2 changed files with 3 additions and 3 deletions
|
@ -840,7 +840,7 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history)
|
||||||
}
|
}
|
||||||
|
|
||||||
$data = array(
|
$data = array(
|
||||||
'search_tags' => implode(' ', $filteringTags),
|
'search_tags' => implode(' ', escape($filteringTags)),
|
||||||
'tags' => $tagList,
|
'tags' => $tagList,
|
||||||
);
|
);
|
||||||
$pluginManager->executeHooks('render_tagcloud', $data, array('loggedin' => isLoggedIn()));
|
$pluginManager->executeHooks('render_tagcloud', $data, array('loggedin' => isLoggedIn()));
|
||||||
|
@ -870,7 +870,7 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history)
|
||||||
}
|
}
|
||||||
|
|
||||||
$data = [
|
$data = [
|
||||||
'search_tags' => implode(' ', $filteringTags),
|
'search_tags' => implode(' ', escape($filteringTags)),
|
||||||
'tags' => $tags,
|
'tags' => $tags,
|
||||||
];
|
];
|
||||||
$pluginManager->executeHooks('render_taglist', $data, ['loggedin' => isLoggedIn()]);
|
$pluginManager->executeHooks('render_taglist', $data, ['loggedin' => isLoggedIn()]);
|
||||||
|
|
|
@ -26,7 +26,7 @@ <h2 class="window-title">{'Tag cloud'|t} - {$countTags} {'tags'|t}</h2>
|
||||||
<input type="hidden" name="do" value="tagcloud">
|
<input type="hidden" name="do" value="tagcloud">
|
||||||
<input type="text" name="searchtags" placeholder="{'Filter by tag'|t}"
|
<input type="text" name="searchtags" placeholder="{'Filter by tag'|t}"
|
||||||
{if="!empty($search_tags)"}
|
{if="!empty($search_tags)"}
|
||||||
value="{$search_tags}"
|
value="{$search_tags}"
|
||||||
{/if}
|
{/if}
|
||||||
autocomplete="off" data-multiple data-autofirst data-minChars="1"
|
autocomplete="off" data-multiple data-autofirst data-minChars="1"
|
||||||
data-list="{loop="$tags"}{$key}, {/loop}"
|
data-list="{loop="$tags"}{$key}, {/loop}"
|
||||||
|
|
Loading…
Reference in a new issue