Fix XSS security issue.
Tpt committed Feb 3, 2013
1 parent 99e0fc3 commit 7d6dff7
Showing 4 changed files with 8 additions and 8 deletions.
6 changes: 3 additions & 3 deletions http/api.php
Expand Up @@ -3,12 +3,12 @@
include '../config.php';


$ids = isset($_GET['ids']) ? explode( '|', $_GET['ids'] ) : array();
$ids = isset($_GET['ids']) ? explode( '|', htmlspecialchars( $_GET['ids'] ) ) : array();
foreach( $ids as $key => $id ) {
$ids[$key] = intval( $id );
}
$sites = isset($_GET['sites']) ? explode( '|', rawurldecode( $_GET['sites'] ) ) : array();
$titles = isset($_GET['titles']) ? explode( '|', rawurldecode( $_GET['titles'] ) ) : array(); //TODO
$sites = isset($_GET['sites']) ? explode( '|', htmlspecialchars( rawurldecode( $_GET['sites'] ) ) ) : array();
$titles = isset($_GET['titles']) ? explode( '|', htmlspecialchars( rawurldecode( $_GET['titles'] ) ) ) : array(); //TODO
foreach( $titles as $key => $title ) {
$titles[$key] = str_replace( '_', ' ', $title );
}
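Review bot: `htmlspecialchars` is applied at input on the `$sites = ...` and `$titles = ...` lines, which rewrites the values before they are used for any lookup, so a site or title containing `&`, `"` or `<` becomes `&amp;`, `&quot;` or `&lt;` and no longer matches stored data, while every non-HTML sink downstream (JSON, URL, query) receives HTML entities. The same input-time encoding is added in http/index.php, http/search.php and http/viafLinks.php. Escaping belongs at each output point in that point's context — `htmlspecialchars( $title, ENT_QUOTES, 'UTF-8' )` where a value is echoed into HTML, `json_encode` where it goes into JSON — and the variables here should keep the raw, decoded value. With no flags given, `htmlspecialchars` on the PHP versions of this era leaves single quotes untouched and may assume a non-UTF-8 charset, so a value echoed into a single-quoted attribute would still be injectable. The call on `$_GET['ids']` is redundant, since every element is passed through `intval` in the loop that follows.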
6 changes: 3 additions & 3 deletions http/index.php
Expand Up @@ -3,9 +3,9 @@
include '../config.php';

$id = isset($_GET['id']) ? intval( $_GET['id'] ) : 0;
$site = isset($_GET['site']) ? rawurldecode( $_GET['site'] ) : '';
$title = isset($_GET['title']) ? str_replace( '_', ' ', rawurldecode( $_GET['title'] ) ) : ''; //TODO
$format = isset($_GET['format']) ? $_GET['format'] : 'html';
$site = isset($_GET['site']) ? htmlspecialchars( rawurldecode( $_GET['site'] ) ) : '';
$title = isset($_GET['title']) ? str_replace( '_', ' ', htmlspecialchars( rawurldecode( $_GET['title'] ) ) ) : ''; //TODO
$format = isset($_GET['format']) ? htmlspecialchars( $_GET['format'] ) : 'html';

if( $id == 0 ) {
if( $site == '' || $title == '' ) {
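Review bot: `$format` on the line `$format = isset($_GET['format']) ? htmlspecialchars( $_GET['format'] ) : 'html';` is a selector rather than free text, so HTML-encoding it does not constrain what the rest of the script does with an unexpected value; it should be checked against the accepted formats instead, e.g. `$format = ( isset($_GET['format']) && in_array( $_GET['format'], array( 'html', /* other accepted formats */ ), true ) ) ? $_GET['format'] : 'html';` (the full accepted list is not visible in this hunk). The same applies to `$format` in http/viafLinks.php, whose default is `'json'` and whose response is declared as `application/json`, where HTML entities are the wrong encoding altogether. The `if( $id == 0 )` block that begins at the end of this hunk continues outside it.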
2 changes: 1 addition & 1 deletion http/search.php
Expand Up @@ -2,7 +2,7 @@
include '../include/include.php';
include '../config.php';

$search = isset($_GET['search']) ? $_GET['search'] : '';
$search = isset($_GET['search']) ? htmlspecialchars( $_GET['search'] ) : '';
$offset = isset($_GET['offset']) ? intval( $_GET['offset'] ) : 0;
$limit = isset($_GET['limit']) ? min( intval( $_GET['limit'] ), 100 ) : 100;

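Review bot: `$search` on the line `$search = isset($_GET['search']) ? htmlspecialchars( $_GET['search'] ) : '';` is HTML-encoded before it is used as a search term, so a query for `Tom & Jerry` is carried on as `Tom &amp; Jerry`, and if the value reaches a database query (not visible in this hunk) entity encoding gives no protection there — only a parameterised query does. Keep `$search` as the raw string, escape it with `htmlspecialchars( $search, ENT_QUOTES, 'UTF-8' )` only where it is echoed back into the page, and bind it as a query parameter. On the `$offset` and `$limit` lines, `intval` still admits negative values; if these feed a LIMIT/OFFSET clause directly, wrapping them as `max( 0, intval( ... ) )` keeps malformed clauses out.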
2 changes: 1 addition & 1 deletion http/viafLinks.php
Expand Up @@ -3,7 +3,7 @@
include '../config.php';

$id = isset($_GET['id']) ? intval( $_GET['id'] ) : 0;
$format = isset($_GET['format']) ? $_GET['format'] : 'json';
$format = isset($_GET['format']) ? htmlspecialchars( $_GET['format'] ) : 'json';

header( 'Content-Type: application/json; charset=utf-8' );
header( 'access-control-allow-origin: *' );