Prevent unwanted vars redirection.
To mitigate flooding of the error logs, redirect when someone makes malicious attempts against the search script.
FrederickChan committed Mar 10, 2021
1 parent 1c2b323 commit da9f89a
Showing 1 changed file with 20 additions and 15 deletions.
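--- a/includes/classes/PHPFusion/Search/Search_Engine.php
+++ b/includes/classes/PHPFusion/Search/Search_Engine.php
@@ -295,21 +295,26 @@ protected static function display_search_form() {
 * @return array|string
 */
 public static function get_param($key = NULL) {
-$info = [
-'stype' => htmlentities(self::$search_type),
-'stext' => htmlentities(self::$search_text),
-'method' => htmlentities(self::$search_method),
-'datelimit' => self::$search_date_limit,
-'fields' => self::$search_fields,
-'sort' => self::$search_sort,
-'chars' => htmlentities(self::$search_chars),
-'order' => self::$search_order,
-'forum_id' => self::$forum_id,
-'memory_limit' => self::$memory_limit,
-'composevars' => self::$composevars,
-'rowstart' => self::$rowstart,
-'search_param' => self::$search_param,
-];
+try {
+$info = [
+'stype' => stripinput(self::$search_type),
+'stext' => stripinput(self::$search_text),
+'method' => stripinput(self::$search_method),
+'datelimit' => self::$search_date_limit,
+'fields' => self::$search_fields,
+'sort' => self::$search_sort,
+'chars' => stripinput(self::$search_chars),
+'order' => self::$search_order,
+'forum_id' => self::$forum_id,
+'memory_limit' => self::$memory_limit,
+'composevars' => self::$composevars,
+'rowstart' => self::$rowstart,
+'search_param' => self::$search_param,
+];
+} catch (\Exception $e) {
+redirect(BASEDIR.fusion_get_settings('opening_page'));
+}
+
 
 return $key === NULL ? $info : (isset($info[$key]) ? $info[$key] : NULL);
 }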
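Review bot: The `catch (\Exception $e)` wrapped around the `$info` array in `get_param()` is unlikely to ever fire, so the redirect probably does not suppress the log noise the commit message describes. The guarded block only reads static properties and calls `stripinput()`; PHP warnings and notices are not exceptions, and engine type errors are `\Error`, which `\Exception` does not match. Unless `stripinput()` itself throws (not visible here), unexpected request values such as an array where a string is expected will still be logged. Rejecting non-scalar values at the point where the request parameters are copied into `self::$search_type`, `self::$search_text`, `self::$search_method` and `self::$search_chars` would address the cause. If the catch is kept, `} catch (\Throwable $e) {` is the form that would cover type errors, and the branch needs a `return NULL;` after the redirect, because `$info` is undefined on that path unless `redirect()` terminates the request.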

0 comments on commit da9f89a
