author | ArthurHoaro <arthur@hoa.ro> | 2017-10-07 11:33:20 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2017-10-07 11:33:20 +0200 |
commit | be9ddff2fb8706ce575e95e8cd64458411895dbe (patch) | |
tree | b2682f8f9567fda6ad7207f3c625bb616b4f47c2 | |
parent | c8d96b4729a96ff2321862ca13a727658860e7a5 (diff) | |
parent | d14555a3dfdc0d16badefcc54054802ae83752a4 (diff) | |
Merge pull request #987 from ArthurHoaro/hotfix/security-issue
Fix security issue reported by @chb9
-rw-r--r-- | index.php | 4 | ||||
-rw-r--r-- | tpl/default/tag.cloud.html | 2 |
2 files changed, 3 insertions, 3 deletions
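--- a/index.php
+++ b/index.php
@@ -840,7 +840,7 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history)
 }
 
 $data = array(
-'search_tags' => implode(' ', $filteringTags),
+'search_tags' => implode(' ', escape($filteringTags)),
 'tags' => $tagList,
 );
 $pluginManager->executeHooks('render_tagcloud', $data, array('loggedin' => isLoggedIn()));
@@ -870,7 +870,7 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history)
 }
 
 $data = [
-'search_tags' => implode(' ', $filteringTags),
+'search_tags' => implode(' ', escape($filteringTags)),
 'tags' => $tags,
 ];
 $pluginManager->executeHooks('render_taglist', $data, ['loggedin' => isLoggedIn()]);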
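Review bot: The escaping added to `search_tags` in the tag cloud and tag list branches of renderPage() is only sufficient if `escape()` encodes double quotes as well as angle brackets, because tpl/default/tag.cloud.html prints the value inside a double-quoted attribute (`value="{$search_tags}"`). `escape()` is defined outside these hunks and the commit adds no test, so this should be confirmed and pinned by a regression test that renders both pages with a `searchtags` value containing a quote and markup characters and asserts the encoded output. `$data` is passed to `executeHooks()` after encoding, so plugins on `render_tagcloud` and `render_taglist` now receive HTML-encoded text; a comment on each changed line such as `// HTML-escaped here: the template prints search_tags inside an attribute value` would record that contract. renderPage() starts and ends outside both hunks, so other uses of `$filteringTags` cannot be checked from here.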
diff --git a/tpl/default/tag.cloud.html b/tpl/default/tag.cloud.html index 96b357a3..68335c70 100644 --- a/tpl/default/tag.cloud.html +++ b/tpl/default/tag.cloud.html | |||
@@ -26,7 +26,7 @@ | |||
26 | <input type="hidden" name="do" value="tagcloud"> | 26 | <input type="hidden" name="do" value="tagcloud"> |
27 | <input type="text" name="searchtags" placeholder="{'Filter by tag'|t}" | 27 | <input type="text" name="searchtags" placeholder="{'Filter by tag'|t}" |
28 | {if="!empty($search_tags)"} | 28 | {if="!empty($search_tags)"} |
29 | value="{$search_tags}" | 29 | value="{$search_tags}" |
30 | {/if} | 30 | {/if} |
31 | autocomplete="off" data-multiple data-autofirst data-minChars="1" | 31 | autocomplete="off" data-multiple data-autofirst data-minChars="1" |
32 | data-list="{loop="$tags"}{$key}, {/loop}" | 32 | data-list="{loop="$tags"}{$key}, {/loop}" |