Skip to content

Commit

Permalink
Bug 762934 - External search does not properly escape user supplied d…
Browse files Browse the repository at this point in the history 
…ata, resulting in vulnerability
  • Loading branch information
Dimitri van Heesch committed Mar 25, 2016
1 parent 9abcad8 commit 1cc1ada
Showing 1 changed file with 1 addition and 0 deletions.
1 change: 1 addition & 0 deletions templates/html/search_opensearch.php
View file
Expand Up @@ -3,6 +3,7 @@

$mode = array_key_exists('v', $_GET)?$_GET['v']:"";
$query = array_key_exists('query', $_GET)?$_GET['query']:"";
$query = preg_replace("/[^a-zA-Z0-9\-\_\.\x80-\xFF]/i", " ", $query );

$query_results = run_query($query);

Expand Down

0 comments on commit 1cc1ada

Please sign in to comment.