Security: fix multiple XSS vulnerabilities + fix search tags with special chars
[github/shaarli/Shaarli.git] / application / front / controller / visitor / TagController.php
index a0bc1d1b633db4151758e18dddc2a1d0947fc9e7..de4e7ea28861daabb8c742aeeddd7725930cb95f 100644 (file)
@@ -27,10 +27,10 @@ class TagController extends ShaarliVisitorController
         // In case browser does not send HTTP_REFERER, we search a single tag
         if (null === $referer) {
             if (null !== $newTag) {
-                return $response->withRedirect('./?searchtags='. urlencode($newTag));
+                return $this->redirect($response, '/?searchtags='. urlencode($newTag));
             }
 
-            return $response->withRedirect('./');
+            return $this->redirect($response, '/');
         }
 
         $currentUrl = parse_url($referer);
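Review bot: The guard `if (null === $referer)` only catches a missing Referer, so an empty or malformed header still reaches `parse_url($referer)` on the last line of this hunk, while the second hunk in this file makes the same decision with `empty($referer)`. Referer is client-controlled and `parse_url()` returns `false` for seriously malformed URLs, so I would align the guard to `if (empty($referer))` and add `if (false === $currentUrl) { return $this->redirect($response, '/'); }` after the parse. The method continues outside the hunk, so how `$currentUrl` is consumed is not visible here; presumably only its query component should feed the redirect target, never the host or scheme, which is worth confirming against the rest of the method.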
@@ -81,7 +81,7 @@ class TagController extends ShaarliVisitorController
 
         // If the referrer is not provided, we can update the search, so we failback on the bookmark list
         if (empty($referer)) {
-            return $response->withRedirect('./');
+            return $this->redirect($response, '/');
         }
 
         $tagToRemove = $args['tag'] ?? null;
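Review bot: The context comment above `if (empty($referer))` says the opposite of what the branch does: "we can update the search, so we failback on the bookmark list". Since the line is being touched anyway, I would reword it to `// If the referrer is not provided, we can't update the search, so we fall back to the bookmark list`. The enclosing method starts and ends outside the hunk.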