
Commit e83721a

committed
fix security vulnerability in search method, reported by pang0lin
1 parent e7b6856 commit e83721a


1 file changed

+1
-1
lines changed

1 file changed

+1
-1
lines changed

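--- a/framework/modules/search/controllers/searchController.php
+++ b/framework/modules/search/controllers/searchController.php
@@ -58,7 +58,7 @@ public function search()
 if (get_magic_quotes_gpc()) {
 $terms = stripslashes($terms);
 }
-$terms = htmlspecialchars($terms);
+$terms = expString::escape(htmlspecialchars($terms));
 
 if ($router->current_url == substr(URL_FULL, 0, -1)) { // give us a user friendly url
 unset($router->params['int']);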
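Review bot: The new line 61 makes a single `$terms` value carry both HTML encoding and SQL escaping, so the injection fix depends on an escape call made far from the query instead of at the point where the SQL is built. `htmlspecialchars($terms)` with its default flags leaves single quotes unencoded on older PHP versions, so the SQL side presumably rests entirely on `expString::escape`, whose implementation is not visible here. If the same `$terms` is also rendered back to the page, the escaped form may show up as stray backslashes, and any query built from the original request parameter instead of `$terms` would remain unprotected. Consider keeping the raw term and encoding per sink: `htmlspecialchars($terms, ENT_QUOTES, 'UTF-8')` only where it is output, and a bound parameter (or the escape call) where the search query is assembled. search() starts and continues outside this hunk, so the query and output sites still need to be checked.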
