diff options
| author | Romain d'Alverny <rda@mageia.org> | 2013-07-27 21:00:15 +0000 |
|---|---|---|
| committer | Romain d'Alverny <rda@mageia.org> | 2013-07-27 21:00:15 +0000 |
| commit | 7d93094012886b2e5fa485bf6272e701798ac95f (patch) | |
| tree | b46ef589638c777698e6f6567c88c0201c1c7962 /en/downloads/get/lib.php | |
| parent | 8de343a4405a6f602a9a38373378e2febe74cc90 (diff) | |
| download | www-7d93094012886b2e5fa485bf6272e701798ac95f.tar www-7d93094012886b2e5fa485bf6272e701798ac95f.tar.gz www-7d93094012886b2e5fa485bf6272e701798ac95f.tar.bz2 www-7d93094012886b2e5fa485bf6272e701798ac95f.tar.xz www-7d93094012886b2e5fa485bf6272e701798ac95f.zip | |
fix bug 10856 (unfiltered input param leading to a XSS vulnerability)
Diffstat (limited to 'en/downloads/get/lib.php')
| -rw-r--r-- | en/downloads/get/lib.php | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/en/downloads/get/lib.php b/en/downloads/get/lib.php index efa69e775..35bbe985c 100644 --- a/en/downloads/get/lib.php +++ b/en/downloads/get/lib.php @@ -76,7 +76,11 @@ function rewrite_city($name) */ function get($s) { - return isset($_GET[$s]) ? trim($_GET[$s]) : null; + if (isset($_GET[$s])) { + return strip_tags(trim($_GET[$s])); + } + + return null; } class NoProductFoundError extends Exception {} |