authorArthurHoaro <arthur@hoa.ro>2017-10-07 11:27:44 +0200
committerArthurHoaro <arthur@hoa.ro>2017-10-07 11:27:44 +0200
commitd14555a3dfdc0d16badefcc54054802ae83752a4 (patch)
treefc5a9a525f6fdc7d57096d23029c1f24130d0115
parenta59bbf50d7530d7e82a91896a210b9da49cb1568 (diff)
downloadShaarli-d14555a3dfdc0d16badefcc54054802ae83752a4.tar.gz
Shaarli-d14555a3dfdc0d16badefcc54054802ae83752a4.tar.zst
Shaarli-d14555a3dfdc0d16badefcc54054802ae83752a4.zip
Fix security issue reported by @chbi
Vulnerability introduced by 6ccd0b218fbd34de750f55b78f3dc43bb3d9fa8e - released with Shaarli v0.9.1.
-rw-r--r--index.php4
-rw-r--r--tpl/default/tag.cloud.html2
2 files changed, 3 insertions, 3 deletions
diff --git a/index.php b/index.php
index fb00a9fa..8f0179e5 100644
--- a/index.php
+++ b/index.php
@@ -840,7 +840,7 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history)
840 } 840 }
841 841
842 $data = array( 842 $data = array(
843 'search_tags' => implode(' ', $filteringTags), 843 'search_tags' => implode(' ', escape($filteringTags)),
844 'tags' => $tagList, 844 'tags' => $tagList,
845 ); 845 );
846 $pluginManager->executeHooks('render_tagcloud', $data, array('loggedin' => isLoggedIn())); 846 $pluginManager->executeHooks('render_tagcloud', $data, array('loggedin' => isLoggedIn()));
@@ -870,7 +870,7 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history)
870 } 870 }
871 871
872 $data = [ 872 $data = [
873 'search_tags' => implode(' ', $filteringTags), 873 'search_tags' => implode(' ', escape($filteringTags)),
874 'tags' => $tags, 874 'tags' => $tags,
875 ]; 875 ];
876 $pluginManager->executeHooks('render_taglist', $data, ['loggedin' => isLoggedIn()]); 876 $pluginManager->executeHooks('render_taglist', $data, ['loggedin' => isLoggedIn()]);
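Review bot: The `escape()` call is added by hand at two separate `$data` builds (line 843 for `render_tagcloud`, line 873 for `render_taglist`), so any future view that forwards `$filteringTags` has to remember to do the same. Escaping once where `$filteringTags` is derived would remove the duplication, but that code is in the part of `renderPage()` outside these hunks, so I cannot confirm it is safe to do there. At minimum, add a comment at both sites such as `// search_tags is HTML-escaped here: templates print it inside a double-quoted attribute`, since plugins hooked on `render_tagcloud`/`render_taglist` now receive the encoded form. `escape()` is defined outside this page; it needs to encode the double quote and to accept an array for this to hold. The diffstat lists no test file, so a regression test that filters on a tag containing quote and angle-bracket characters and asserts the encoded `search_tags` value would keep this from reopening.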
diff --git a/tpl/default/tag.cloud.html b/tpl/default/tag.cloud.html
index 96b357a3..68335c70 100644
--- a/tpl/default/tag.cloud.html
+++ b/tpl/default/tag.cloud.html
@@ -26,7 +26,7 @@
26 <input type="hidden" name="do" value="tagcloud"> 26 <input type="hidden" name="do" value="tagcloud">
27 <input type="text" name="searchtags" placeholder="{'Filter by tag'|t}" 27 <input type="text" name="searchtags" placeholder="{'Filter by tag'|t}"
28 {if="!empty($search_tags)"} 28 {if="!empty($search_tags)"}
29 value="{$search_tags}" 29 value="{$search_tags}"
30 {/if} 30 {/if}
31 autocomplete="off" data-multiple data-autofirst data-minChars="1" 31 autocomplete="off" data-multiple data-autofirst data-minChars="1"
32 data-list="{loop="$tags"}{$key}, {/loop}" 32 data-list="{loop="$tags"}{$key}, {/loop}"
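Review bot: `value="{$search_tags}"` on line 29 prints the variable raw into a double-quoted attribute, so the template is only safe while every controller that assigns `search_tags` escapes it first; a short template comment stating that `search_tags` arrives HTML-escaped would make that contract visible. The same question applies to `{$key}` inside `data-list` on line 32: the index.php hunks pass `tags` through without `escape()`, so it is worth confirming that tag names are already escaped where they are loaded, which this page does not show. Both columns of this section read identically in this rendering, so I cannot tell which line the commit changed here.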