
wp-fdroid: Properly escape fdfilter

Resolves an XSS issue identified by Cure53 (https://cure53.de)
This commit is contained in:
Ciaran Gultnieks 2015-01-26 18:12:30 +00:00
parent 7fdddb729e
commit 43ccdce0ac


@ -171,7 +171,7 @@ class FDroid
$out.=$this->get_app($query_vars); $out.=$this->get_app($query_vars);
} else { } else {
$out.='<form name="searchform" action="" method="get">'; $out.='<form name="searchform" action="" method="get">';
$out.='<p><input name="fdfilter" type="text" value="'.$query_vars['fdfilter'].'" size="30"> '; $out.='<p><input name="fdfilter" type="text" value="'.esc_attr($query_vars['fdfilter']).'" size="30"> ';
$out.='<input type="hidden" name="fdpage" value="1">'; $out.='<input type="hidden" name="fdpage" value="1">';
$out.='<input type="submit" value="Search"></p>'; $out.='<input type="submit" value="Search"></p>';
$out.=$this->makeformdata($query_vars); $out.=$this->makeformdata($query_vars);
@ -690,7 +690,7 @@ class FDroid
$out.='</form>'."\n"; $out.='</form>'."\n";
} }
else { else {
$out.='Applications matching "'.$query_vars['fdfilter'].'"'; $out.='Applications matching "'.esc_attr($query_vars['fdfilter']).'"';
} }
$out.="</div>"; $out.="</div>";
@ -749,7 +749,7 @@ class FDroid
$out.='<input type="hidden" name="page_id" value="'.(int)get_query_var('page_id').'">'; $out.='<input type="hidden" name="page_id" value="'.(int)get_query_var('page_id').'">';
foreach($query_vars as $name => $value) { foreach($query_vars as $name => $value) {
if($value !== null && $name != 'fdfilter' && $name != 'fdpage') if($value !== null && $name != 'fdfilter' && $name != 'fdpage')
$out.='<input type="hidden" name="'.$name.'" value="'.sanitize_text_field($value).'">'; $out.='<input type="hidden" name="'.esc_attr($name).'" value="'.esc_attr($value).'">';
} }
return $out; return $out;
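Review bot: The new escaping on the `Applications matching` line in the second hunk uses esc_attr() for a value that is emitted as HTML body text rather than inside an attribute; esc_html() is the WordPress helper that matches that context, `$out.='Applications matching "'.esc_html($query_vars['fdfilter']).'"';`. In WordPress both helpers go through _wp_specialchars with ENT_QUOTES, so the rendered output is the same today, but using the context-matched function records the intent and keeps the label safe if the two ever diverge. In the third hunk's hidden-input loop, `esc_attr($value)` appears to assume every query var is a scalar; if the code that fills $query_vars can ever hand back an array, the string conversion yields "Array" with a notice instead of an escaped value, so extending the existing condition with `is_scalar($value)` is worth confirming against how $query_vars is built. The closing brace of makeformdata sits outside the shown hunk.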