author | ArthurHoaro <arthur@hoa.ro> | 2020-10-08 08:19:06 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-10-08 08:19:06 +0200 |
commit | 7f1bb5553b7427bd3a9e5b119f99c2ac3509c607 (patch) | |
tree | a4d6f446ec861f9a7591edb31f322e2a846b2bac /application/Utils.php | |
parent | df25b28dcd3cde54d42c18a55a810daa82bf5727 (diff) | |
parent | 72fbbcd6794facea2cf06d9742359d190257b00f (diff) | |
Merge pull request #1585 from ArthurHoaro/fix/xss-and-tag-search
Security: fix multiple XSS vulnerabilities + fix search tags with special chars
Diffstat (limited to 'application/Utils.php')
-rw-r--r-- | application/Utils.php | 4 |
1 files changed, 2 insertions, 2 deletions
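--- a/application/Utils.php
+++ b/application/Utils.php
@@ -95,14 +95,14 @@ function escape($input)
 return null;
 }
 
-if (is_bool($input)) {
+if (is_bool($input) || is_int($input) || is_float($input) || $input instanceof DateTimeInterface) {
 return $input;
 }
 
 if (is_array($input)) {
 $out = array();
 foreach ($input as $key => $value) {
-$out[$key] = escape($value);
+$out[escape($key)] = escape($value);
 }
 return $out;
 }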
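Review bot: Escaping the key in `$out[escape($key)] = escape($value);` changes which key each entry is stored under, so a caller that still indexes the returned array by the raw key will miss entries whose key contains characters the string branch encodes, and two input keys that encode to the same text would silently overwrite each other. The string branch is outside this hunk, so whether such collisions are reachable cannot be judged from here; the callers that read escaped arrays by key are worth checking. I would record the new contract in the function's docblock, for example `Array keys are escaped as well; integer keys are returned unchanged.` and `Booleans, integers, floats and DateTimeInterface instances are returned as-is.` escape() begins before and continues after the hunk, so its docblock and final return are not visible here.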