External/libvirt
1
0
Fork 0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2025-02-21 19:02:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

Avoid XSS vulnerability on the search engine

Browse Source 
Raised by https://www.xssposed.org/incidents/69566/
Need to escape the user provided query before displaying it back
This commit is contained in:
Daniel Veillard 2015-07-03 20:47:08 +08:00
parent 2854079496
commit d51876bc8e
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
docs/search.php.code.in
View File

@ -13,7 +13,7 @@
<form action="<?php echo $_SERVER['PHP_SELF'], "?query=", rawurlencode($query) ?>"
enctype="application/x-www-form-urlencoded" method="get">
<input name="query" type="text" size="50" value="<?php echo $query?>"/>
<input name="query" type="text" size="50" value="<?php echo htmlspecialchars($query, ENT_QUOTES, 'UTF-8')?>"/>
<select name="scope">
<option value="any">Search All</option>
<option value="API" <?php if ($scope == 'API') print "selected='selected'"?>>Only the APIs</option>