Merge pull request #54 from timstoffel/master

Reflective XSS in searchbox module
2026-02-25 20:40:44 +01:00 · 2019-06-17 18:21:19 +02:00
parent acd661d7f1 32f99b1214
commit 03251d0f9b
1 changed files with 2 additions and 0 deletions
--- a/inc/modules/searchbox/Site.php
+++ b/inc/modules/searchbox/Site.php
@@ -34,6 +34,8 @@
        public function getSearch($phrase, $index = 1)
        {
            $phrase = urldecode($phrase);
+            $phrase = strip_tags ($phrase);
+            $phrase = htmlentities ($phrase);
            $searchTemplate = 'search.html';
            $phraseMinLength = 3;