Commit 1cc1ada

author
Dimitri van Heesch
committed
Bug 762934 - External search does not properly escape user supplied data, resulting in vulnerability
1 parent 9abcad8 commit 1cc1ada

1 file changed

+1
-0
lines changed

Diff for: templates/html/search_opensearch.php

@@ -3,6 +3,7 @@
33

44
$mode = array_key_exists('v', $_GET)?$_GET['v']:"";
55
$query = array_key_exists('query', $_GET)?$_GET['query']:"";
6+
$query = preg_replace("/[^a-zA-Z0-9\-\_\.\x80-\xFF]/i", " ", $query );
67

78
$query_results = run_query($query);
89
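Review bot: `$mode` is still read from `$_GET['v']` unfiltered on the line two above the added `preg_replace`, so only one of the two request parameters taken here is covered; if `$mode` reaches the output or a query later in this file it needs the same treatment, or a check against the values the script expects. The added line also rewrites `$query` before `run_query($query)`, so the search backend now receives a space in place of every character outside the allowlist. Keeping the filter for the search and additionally escaping where the value is written into the response (for example `htmlspecialchars($query, ENT_QUOTES)` for HTML or XML output) would address the escaping problem named in the bug title at the point where it matters. Minor: the `/i` modifier is redundant with `a-zA-Z`, and `\_` and `\.` need no backslash inside a character class.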
