Permalink
Browse files

Bug 762934 - External search does not properly escape user supplied d…

…ata, resulting in vulnerability
  • Loading branch information...
Dimitri van Heesch
Dimitri van Heesch committed Mar 25, 2016
1 parent 9abcad8 commit 1cc1adad2de03a0f013881b8960daf89aa155081
Showing with 1 addition and 0 deletions.
  1. +1 −0 templates/html/search_opensearch.php
@@ -3,6 +3,7 @@
$mode = array_key_exists('v', $_GET)?$_GET['v']:"";
$query = array_key_exists('query', $_GET)?$_GET['query']:"";
$query = preg_replace("/[^a-zA-Z0-9\-\_\.\x80-\xFF]/i", " ", $query );
$query_results = run_query($query);

0 comments on commit 1cc1ada

Please sign in to comment.