Update of /cvsroot/php-blog/serendipity/include
In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv4926/include
Modified Files:
compat.inc.php genpage.inc.php
Log Message:
MFB
Index: compat.inc.php
===================================================================
RCS file: /cvsroot/php-blog/serendipity/include/compat.inc.php,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -d -r1.2 -r1.3
--- compat.inc.php 19 Nov 2004 11:05:29 -0000 1.2
+++ compat.inc.php 1 Dec 2004 14:57:25 -0000 1.3
@@ -102,6 +102,10 @@
$serendipity['POST'] = &$_POST['serendipity'];
$serendipity['COOKIE'] = &$_COOKIE['serendipity'];
+// Some security issues
+if (isset($serendipity['GET']['searchTerm'])) {
+ $serendipity['GET']['searchTerm'] = htmlspecialchars(strip_tags($serendipity['GET']['searchTerm']));
+}
function serendipity_get_bool($item) {
static $translation = array('true' => true,
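Review bot: The new `htmlspecialchars(strip_tags(...))` call on `$serendipity['GET']['searchTerm']` uses the default quote flag and assumes the value is a string, which leaves two gaps. Without `ENT_QUOTES` single quotes are not encoded, so the value is still unsafe inside a single-quoted attribute; `htmlspecialchars(strip_tags($serendipity['GET']['searchTerm']), ENT_QUOTES)` closes that. A request that sends `serendipity[searchTerm][]` makes the value an array, which `strip_tags()` does not accept, so the guard should read `if (isset($serendipity['GET']['searchTerm']) && is_string($serendipity['GET']['searchTerm'])) {` and anything else should be discarded. Because the value is now encoded at input, the search itself presumably receives `&amp;` and `&quot;` rather than the typed characters; that code is outside this hunk, so confirm. Only the GET copy is covered, while the POST and COOKIE aliases in the context lines above are untouched.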
Index: genpage.inc.php
===================================================================
RCS file: /cvsroot/php-blog/serendipity/include/genpage.inc.php,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -d -r1.7 -r1.8
--- genpage.inc.php 1 Dec 2004 13:34:25 -0000 1.7
+++ genpage.inc.php 1 Dec 2004 14:57:26 -0000 1.8
@@ -39,11 +39,11 @@
}
if ($r === true) {
- $serendipity['smarty']->assign('content_message', sprintf(NO_ENTRIES_BLAHBLAH, strip_tags($serendipity['GET']['searchTerm'])));
+ $serendipity['smarty']->assign('content_message', sprintf(NO_ENTRIES_BLAHBLAH, $serendipity['GET']['searchTerm']));
break;
}
- $serendipity['smarty']->assign('content_message', sprintf(YOUR_SEARCH_RETURNED_BLAHBLAH, strip_tags($serendipity['GET']['searchTerm']), count($r)));
+ $serendipity['smarty']->assign('content_message', sprintf(YOUR_SEARCH_RETURNED_BLAHBLAH, $serendipity['GET']['searchTerm'], count($r)));
serendipity_printEntries($r);
break;
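Review bot: Both `assign('content_message', ...)` calls now pass `$serendipity['GET']['searchTerm']` to the template with no escaping at the output site, so their safety rests entirely on the block in compat.inc.php having run on the final value. If any code assigns searchTerm after that include (for example from a rewritten URL, which is not visible here), it reaches the page raw. I would add a comment above the first call, `// searchTerm is HTML-escaped once in compat.inc.php; never assign it after that point`, or keep the raw value in the array and escape at these two calls instead. The enclosing switch case begins and ends outside the hunk.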