author | ArthurHoaro <arthur@hoa.ro> | 2020-10-08 08:19:06 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-10-08 08:19:06 +0200 |
commit | 7f1bb5553b7427bd3a9e5b119f99c2ac3509c607 (patch) | |
tree | a4d6f446ec861f9a7591edb31f322e2a846b2bac /application/front/controller/admin/ManageTagController.php | |
parent | df25b28dcd3cde54d42c18a55a810daa82bf5727 (diff) | |
parent | 72fbbcd6794facea2cf06d9742359d190257b00f (diff) | |
Merge pull request #1585 from ArthurHoaro/fix/xss-and-tag-search
Security: fix multiple XSS vulnerabilities + fix search tags with special chars
Diffstat (limited to 'application/front/controller/admin/ManageTagController.php')
-rw-r--r-- | application/front/controller/admin/ManageTagController.php | 4 |
1 files changed, 2 insertions, 2 deletions
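--- a/application/front/controller/admin/ManageTagController.php
+++ b/application/front/controller/admin/ManageTagController.php
@@ -41,8 +41,8 @@ class ManageTagController extends ShaarliAdminController
 
 $isDelete = null !== $request->getParam('deletetag') && null === $request->getParam('renametag');
 
-$fromTag = escape(trim($request->getParam('fromtag') ?? ''));
-$toTag = escape(trim($request->getParam('totag') ?? ''));
+$fromTag = trim($request->getParam('fromtag') ?? '');
+$toTag = trim($request->getParam('totag') ?? '');
 
 if (0 === strlen($fromTag) || false === $isDelete && 0 === strlen($toTag)) {
 $this->saveWarningMessage(t('Invalid tags provided.'));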
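Review bot: With `escape()` removed on new lines 44–45, `$fromTag` and `$toTag` now hold raw request input, and nothing in the hunk marks them as unescaped for whoever edits the rest of this method. The method body continues outside the hunk, so the sinks cannot be confirmed from here, but any later use in a flash message, template variable or redirect URL has to be encoded for that context (HTML escaping in the view, `urlencode()` in a query string). I would add a comment above line 44 such as `// Raw user input: kept unescaped here, must be encoded at output (template/URL).` and a regression test that renames a tag to a value containing `<`, `"` and `&` and asserts that only the encoded form reaches the rendered page and the redirect. Tags renamed before this change were presumably stored in HTML-escaped form, so it is worth checking whether existing data needs a one-off normalisation.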