Fix security issue reported by @chbi

Vulnerability introduced by 6ccd0b218f - release with Shaarli v0.9.1.
This commit is contained in:
ArthurHoaro 2017-10-07 11:27:44 +02:00
parent a59bbf50d7
commit d14555a3df
2 changed files with 3 additions and 3 deletions

View file

@ -840,7 +840,7 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history)
} }
$data = array( $data = array(
'search_tags' => implode(' ', $filteringTags), 'search_tags' => implode(' ', escape($filteringTags)),
'tags' => $tagList, 'tags' => $tagList,
); );
$pluginManager->executeHooks('render_tagcloud', $data, array('loggedin' => isLoggedIn())); $pluginManager->executeHooks('render_tagcloud', $data, array('loggedin' => isLoggedIn()));
@ -870,7 +870,7 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history)
} }
$data = [ $data = [
'search_tags' => implode(' ', $filteringTags), 'search_tags' => implode(' ', escape($filteringTags)),
'tags' => $tags, 'tags' => $tags,
]; ];
$pluginManager->executeHooks('render_taglist', $data, ['loggedin' => isLoggedIn()]); $pluginManager->executeHooks('render_taglist', $data, ['loggedin' => isLoggedIn()]);

View file

@ -26,7 +26,7 @@ <h2 class="window-title">{'Tag cloud'|t} - {$countTags} {'tags'|t}</h2>
<input type="hidden" name="do" value="tagcloud"> <input type="hidden" name="do" value="tagcloud">
<input type="text" name="searchtags" placeholder="{'Filter by tag'|t}" <input type="text" name="searchtags" placeholder="{'Filter by tag'|t}"
{if="!empty($search_tags)"} {if="!empty($search_tags)"}
value="{$search_tags}" value="{$search_tags}"
{/if} {/if}
autocomplete="off" data-multiple data-autofirst data-minChars="1" autocomplete="off" data-multiple data-autofirst data-minChars="1"
data-list="{loop="$tags"}{$key}, {/loop}" data-list="{loop="$tags"}{$key}, {/loop}"