Commit 2c59606

Fix injection vulnerability in fdb search page (#15315)
unescaped search output reported by: https://huntr.dev/users/hainguyen0207
1 parent cfd642b commit 2c59606

1 file changed: +1 -1 lines changed

Diff for: includes/html/pages/search/fdb.inc.php

@@ -112,7 +112,7 @@
112112
"<div class=\"form-group\">"+
113113
"<input type=\"text\" name=\"searchPhrase\" id=\"address\" value=\""+
114114
<?php
115-
echo '"' . $vars['searchPhrase'] . '"+';
115+
echo '"' . htmlspecialchars($vars['searchPhrase']) . '"+';
116116
?>
117117

118118
"\" class=\"form-control input-sm\" placeholder=\"Value\" />"+

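Review bot: On the changed line 115, htmlspecialchars() covers the HTML attribute context but not the JavaScript string literal the value is echoed into first (echo '"' . ... . '"+'). It leaves backslashes and line breaks untouched, so a search phrase containing either can still corrupt the surrounding string literal before the markup is ever parsed as HTML. Suggest letting json_encode() produce the quoted literal from the HTML-escaped value, for example echo json_encode(htmlspecialchars($vars['searchPhrase'], ENT_QUOTES)) . '+'; and dropping the hand-written quotes. Passing ENT_QUOTES explicitly also keeps the escaping identical across PHP versions, since the default flags changed in PHP 8.1.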