diff options
| author | ArthurHoaro <arthur@hoa.ro> | 2020-10-06 17:30:18 +0200 |
|---|---|---|
| committer | ArthurHoaro <arthur@hoa.ro> | 2020-10-06 17:30:18 +0200 |
| commit | 72fbbcd6794facea2cf06d9742359d190257b00f (patch) | |
| tree | a4d6f446ec861f9a7591edb31f322e2a846b2bac /application/render | |
| parent | df25b28dcd3cde54d42c18a55a810daa82bf5727 (diff) | |
| download | Shaarli-72fbbcd6794facea2cf06d9742359d190257b00f.tar.gz Shaarli-72fbbcd6794facea2cf06d9742359d190257b00f.tar.zst Shaarli-72fbbcd6794facea2cf06d9742359d190257b00f.zip | |
Security: fix multiple XSS vulnerabilities + fix search tags with special chars
XSS vulnerabilities fixed in editlink, linklist, tag.cloud and tag.list.
Also fixed tag search with special characters: urlencode function needs to be applied on raw data, before espaping, otherwise the rendered URL is wrong.
Diffstat (limited to 'application/render')
| -rw-r--r-- | application/render/PageBuilder.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/application/render/PageBuilder.php b/application/render/PageBuilder.php index c52e3b76..41b357dd 100644 --- a/application/render/PageBuilder.php +++ b/application/render/PageBuilder.php | |||
| @@ -137,7 +137,7 @@ class PageBuilder | |||
| 137 | $this->tpl->assign('language', $this->conf->get('translation.language')); | 137 | $this->tpl->assign('language', $this->conf->get('translation.language')); |
| 138 | 138 | ||
| 139 | if ($this->bookmarkService !== null) { | 139 | if ($this->bookmarkService !== null) { |
| 140 | $this->tpl->assign('tags', $this->bookmarkService->bookmarksCountPerTag()); | 140 | $this->tpl->assign('tags', escape($this->bookmarkService->bookmarksCountPerTag())); |
| 141 | } | 141 | } |
| 142 | 142 | ||
| 143 | $this->tpl->assign( | 143 | $this->tpl->assign( |