diff options
author | ArthurHoaro <arthur@hoa.ro> | 2017-10-07 11:33:20 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2017-10-07 11:33:20 +0200 |
commit | be9ddff2fb8706ce575e95e8cd64458411895dbe (patch) | |
tree | b2682f8f9567fda6ad7207f3c625bb616b4f47c2 /index.php | |
parent | c8d96b4729a96ff2321862ca13a727658860e7a5 (diff) | |
parent | d14555a3dfdc0d16badefcc54054802ae83752a4 (diff) | |
download | Shaarli-be9ddff2fb8706ce575e95e8cd64458411895dbe.tar.gz Shaarli-be9ddff2fb8706ce575e95e8cd64458411895dbe.tar.zst Shaarli-be9ddff2fb8706ce575e95e8cd64458411895dbe.zip |
Merge pull request #987 from ArthurHoaro/hotfix/security-issue
Fix security issue reported by @chb9
Diffstat (limited to 'index.php')
-rw-r--r-- | index.php | 4 |
1 files changed, 2 insertions, 2 deletions
@@ -840,7 +840,7 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history) | |||
840 | } | 840 | } |
841 | 841 | ||
842 | $data = array( | 842 | $data = array( |
843 | 'search_tags' => implode(' ', $filteringTags), | 843 | 'search_tags' => implode(' ', escape($filteringTags)), |
844 | 'tags' => $tagList, | 844 | 'tags' => $tagList, |
845 | ); | 845 | ); |
846 | $pluginManager->executeHooks('render_tagcloud', $data, array('loggedin' => isLoggedIn())); | 846 | $pluginManager->executeHooks('render_tagcloud', $data, array('loggedin' => isLoggedIn())); |
@@ -870,7 +870,7 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history) | |||
870 | } | 870 | } |
871 | 871 | ||
872 | $data = [ | 872 | $data = [ |
873 | 'search_tags' => implode(' ', $filteringTags), | 873 | 'search_tags' => implode(' ', escape($filteringTags)), |
874 | 'tags' => $tags, | 874 | 'tags' => $tags, |
875 | ]; | 875 | ]; |
876 | $pluginManager->executeHooks('render_taglist', $data, ['loggedin' => isLoggedIn()]); | 876 | $pluginManager->executeHooks('render_taglist', $data, ['loggedin' => isLoggedIn()]); |