author | ArthurHoaro <arthur@hoa.ro> | 2017-10-07 11:27:44 +0200 |
---|---|---|
committer | ArthurHoaro <arthur@hoa.ro> | 2017-10-07 11:27:44 +0200 |
commit | d14555a3dfdc0d16badefcc54054802ae83752a4 (patch) | |
tree | fc5a9a525f6fdc7d57096d23029c1f24130d0115 | |
parent | a59bbf50d7530d7e82a91896a210b9da49cb1568 (diff) | |
Fix security issue reported by @chbi
Vulnerability introduced by 6ccd0b218fbd34de750f55b78f3dc43bb3d9fa8e, released with Shaarli v0.9.1.
-rw-r--r-- | index.php | 4 | ||||
-rw-r--r-- | tpl/default/tag.cloud.html | 2 |
2 files changed, 3 insertions, 3 deletions
@@ -840,7 +840,7 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history) | |||
840 | } | 840 | } |
841 | 841 | ||
842 | $data = array( | 842 | $data = array( |
843 | 'search_tags' => implode(' ', $filteringTags), | 843 | 'search_tags' => implode(' ', escape($filteringTags)), |
844 | 'tags' => $tagList, | 844 | 'tags' => $tagList, |
845 | ); | 845 | ); |
846 | $pluginManager->executeHooks('render_tagcloud', $data, array('loggedin' => isLoggedIn())); | 846 | $pluginManager->executeHooks('render_tagcloud', $data, array('loggedin' => isLoggedIn())); |
@@ -870,7 +870,7 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history) | |||
870 | } | 870 | } |
871 | 871 | ||
872 | $data = [ | 872 | $data = [ |
873 | 'search_tags' => implode(' ', $filteringTags), | 873 | 'search_tags' => implode(' ', escape($filteringTags)), |
874 | 'tags' => $tags, | 874 | 'tags' => $tags, |
875 | ]; | 875 | ]; |
876 | $pluginManager->executeHooks('render_taglist', $data, ['loggedin' => isLoggedIn()]); | 876 | $pluginManager->executeHooks('render_taglist', $data, ['loggedin' => isLoggedIn()]); |
diff --git a/tpl/default/tag.cloud.html b/tpl/default/tag.cloud.html index 96b357a3..68335c70 100644 --- a/tpl/default/tag.cloud.html +++ b/tpl/default/tag.cloud.html | |||
@@ -26,7 +26,7 @@ | |||
26 | <input type="hidden" name="do" value="tagcloud"> | 26 | <input type="hidden" name="do" value="tagcloud"> |
27 | <input type="text" name="searchtags" placeholder="{'Filter by tag'|t}" | 27 | <input type="text" name="searchtags" placeholder="{'Filter by tag'|t}" |
28 | {if="!empty($search_tags)"} | 28 | {if="!empty($search_tags)"} |
29 | value="{$search_tags}" | 29 | value="{$search_tags}" |
30 | {/if} | 30 | {/if} |
31 | autocomplete="off" data-multiple data-autofirst data-minChars="1" | 31 | autocomplete="off" data-multiple data-autofirst data-minChars="1" |
32 | data-list="{loop="$tags"}{$key}, {/loop}" | 32 | data-list="{loop="$tags"}{$key}, {/loop}" |
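Review bot: The `value="{$search_tags}"` on line 29 writes the variable straight into a double-quoted attribute with no template-side escaping, so the fix rests entirely on the caller handing over an already-escaped string (the `escape($filteringTags)` calls at index.php lines 843 and 873 in this commit), and that contract is not recorded anywhere in the template. A one-line template comment above the input, e.g. `{* search_tags is inserted unescaped here: the caller (index.php tag cloud / tag list) must HTML-escape it, double quotes included *}` (or an equivalent in whatever comment syntax this template engine supports), would keep the next edit on either side from silently dropping the escape again. Since `$data` is passed through the `render_tagcloud` / `render_taglist` hooks after escaping, a plugin that rewrites `search_tags` could reintroduce unescaped content if hooks are able to modify `$data`; that is worth stating in the same comment or in the hook documentation. In this rendering the old and new text of line 29 look identical, so the exact token the template change altered cannot be confirmed from the page.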