Merge pull request #1585 from ArthurHoaro/fix/xss-and-tag-search

Security: fix multiple XSS vulnerabilities + fix search tags with special chars
author: ArthurHoaro <arthur@hoa.ro> 2020-10-08 08:19:06 +0200
committer: GitHub <noreply@github.com> 2020-10-08 08:19:06 +0200
commit: 7f1bb5553b7427bd3a9e5b119f99c2ac3509c607 (patch)
tree: a4d6f446ec861f9a7591edb31f322e2a846b2bac /application/render/PageBuilder.php
parent: df25b28dcd3cde54d42c18a55a810daa82bf5727 (diff)
parent: 72fbbcd6794facea2cf06d9742359d190257b00f (diff)
download: Shaarli-7f1bb5553b7427bd3a9e5b119f99c2ac3509c607.tar.gz
Shaarli-7f1bb5553b7427bd3a9e5b119f99c2ac3509c607.tar.zst
Shaarli-7f1bb5553b7427bd3a9e5b119f99c2ac3509c607.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/application/render/PageBuilder.php b/application/render/PageBuilder.php
index c52e3b76..41b357dd 100644
--- a/application/render/PageBuilder.php
+++ b/application/render/PageBuilder.php
@@ -137,7 +137,7 @@ class PageBuilder
        $this->tpl->assign('language', $this->conf->get('translation.language'));
        if ($this->bookmarkService !== null) {
-            $this->tpl->assign('tags', $this->bookmarkService->bookmarksCountPerTag());
+            $this->tpl->assign('tags', escape($this->bookmarkService->bookmarksCountPerTag()));
        }
        $this->tpl->assign(
author	ArthurHoaro <arthur@hoa.ro>	2020-10-08 08:19:06 +0200
committer	GitHub <noreply@github.com>	2020-10-08 08:19:06 +0200
commit	7f1bb5553b7427bd3a9e5b119f99c2ac3509c607 (patch)
tree	a4d6f446ec861f9a7591edb31f322e2a846b2bac /application/render/PageBuilder.php
parent	df25b28dcd3cde54d42c18a55a810daa82bf5727 (diff)
parent	72fbbcd6794facea2cf06d9742359d190257b00f (diff)
download	Shaarli-7f1bb5553b7427bd3a9e5b119f99c2ac3509c607.tar.gz Shaarli-7f1bb5553b7427bd3a9e5b119f99c2ac3509c607.tar.zst Shaarli-7f1bb5553b7427bd3a9e5b119f99c2ac3509c607.zip

diff --git a/application/render/PageBuilder.php b/application/render/PageBuilder.php index c52e3b76..41b357dd 100644 --- a/application/render/PageBuilder.php +++ b/application/render/PageBuilder.php
@@ -137,7 +137,7 @@ class PageBuilder
137	$this->tpl->assign('language', $this->conf->get('translation.language'));	137	$this->tpl->assign('language', $this->conf->get('translation.language'));
138		138
139	if ($this->bookmarkService !== null) {	139	if ($this->bookmarkService !== null) {
140	$this->tpl->assign('tags', $this->bookmarkService->bookmarksCountPerTag());	140	$this->tpl->assign('tags', escape($this->bookmarkService->bookmarksCountPerTag()));
141	}	141	}
142		142
143	$this->tpl->assign(	143	$this->tpl->assign(