External/libvirt
1
0
Fork 0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2025-02-21 19:02:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

docs: Properly quote self uri in search.php

Browse Source 
This removes the classical XSS vulnerability of using unquoted
PHP_SELF.

Reported-by: John Lightsey <john@nixnuts.net>
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
This commit is contained in:
Martin Kletzander 2017-07-10 11:47:49 +02:00
parent ccac446545
commit f27dd53402
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
docs/search.php.code.in
View File

@ -12,7 +12,7 @@
$querystr = htmlspecialchars($query, ENT_QUOTES, 'UTF-8');
?>
<form action="<?php echo $_SERVER['PHP_SELF'], "?query=", rawurlencode($query) ?>"
<form action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8'), "?query=", rawurlencode($query) ?>"
enctype="application/x-www-form-urlencoded" method="get">
<input name="query" type="text" size="50" value="<?php echo $querystr ?>"/>
<select name="scope">