Merge pull request #987 from ArthurHoaro/hotfix/security-issue

Fix security issue reported by @chb9
author: ArthurHoaro <arthur@hoa.ro> 2017-10-07 11:33:20 +0200
committer: GitHub <noreply@github.com> 2017-10-07 11:33:20 +0200
commit: be9ddff2fb8706ce575e95e8cd64458411895dbe (patch)
tree: b2682f8f9567fda6ad7207f3c625bb616b4f47c2 /index.php
parent: c8d96b4729a96ff2321862ca13a727658860e7a5 (diff)
parent: d14555a3dfdc0d16badefcc54054802ae83752a4 (diff)
download: Shaarli-be9ddff2fb8706ce575e95e8cd64458411895dbe.tar.gz
Shaarli-be9ddff2fb8706ce575e95e8cd64458411895dbe.tar.zst
Shaarli-be9ddff2fb8706ce575e95e8cd64458411895dbe.zip
1 files changed, 2 insertions, 2 deletions
diff --git a/index.php b/index.php
index c2552ce8..4068a828 100644
--- a/index.php
+++ b/index.php
@@ -840,7 +840,7 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history)
        }
        $data = array(
-            'search_tags' => implode(' ', $filteringTags),
+            'search_tags' => implode(' ', escape($filteringTags)),
            'tags' => $tagList,
        );
        $pluginManager->executeHooks('render_tagcloud', $data, array('loggedin' => isLoggedIn()));
@@ -870,7 +870,7 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history)
        }
        $data = [
-            'search_tags' => implode(' ', $filteringTags),
+            'search_tags' => implode(' ', escape($filteringTags)),
            'tags' => $tags,
        ];
        $pluginManager->executeHooks('render_taglist', $data, ['loggedin' => isLoggedIn()]);
author	ArthurHoaro <arthur@hoa.ro>	2017-10-07 11:33:20 +0200
committer	GitHub <noreply@github.com>	2017-10-07 11:33:20 +0200
commit	be9ddff2fb8706ce575e95e8cd64458411895dbe (patch)
tree	b2682f8f9567fda6ad7207f3c625bb616b4f47c2 /index.php
parent	c8d96b4729a96ff2321862ca13a727658860e7a5 (diff)
parent	d14555a3dfdc0d16badefcc54054802ae83752a4 (diff)
download	Shaarli-be9ddff2fb8706ce575e95e8cd64458411895dbe.tar.gz Shaarli-be9ddff2fb8706ce575e95e8cd64458411895dbe.tar.zst Shaarli-be9ddff2fb8706ce575e95e8cd64458411895dbe.zip

diff --git a/index.php b/index.php index c2552ce8..4068a828 100644 --- a/index.php +++ b/index.php
@@ -840,7 +840,7 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history)
840	}	840	}
841		841
842	$data = array(	842	$data = array(
843	'search_tags' => implode(' ', $filteringTags),	843	'search_tags' => implode(' ', escape($filteringTags)),
844	'tags' => $tagList,	844	'tags' => $tagList,
845	);	845	);
846	$pluginManager->executeHooks('render_tagcloud', $data, array('loggedin' => isLoggedIn()));	846	$pluginManager->executeHooks('render_tagcloud', $data, array('loggedin' => isLoggedIn()));
@@ -870,7 +870,7 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history)
870	}	870	}
871		871
872	$data = [	872	$data = [
873	'search_tags' => implode(' ', $filteringTags),	873	'search_tags' => implode(' ', escape($filteringTags)),
874	'tags' => $tags,	874	'tags' => $tags,
875	];	875	];
876	$pluginManager->executeHooks('render_taglist', $data, ['loggedin' => isLoggedIn()]);	876	$pluginManager->executeHooks('render_taglist', $data, ['loggedin' => isLoggedIn()]);