
Commit 1eac926

phoromatic: Reject HTML encoded character input and other strings that likely have no use within the context of Phoromatic inputs
1 parent 802ff84 commit 1eac926

File tree

1 file changed

+1
-1
lines changed


Diff for: pts-core/phoromatic/phoromatic_functions.php

@@ -33,7 +33,7 @@ function phoromatic_quit_if_invalid_input_found($input_keys = null)
3333
// backup as to sanitization and stripping elsewhere, safeguard namely check for things like < for fields that shouldn't have it
3434
// plus a few simple backups as safeguards for words that really have no legit relevance within Phoromatic...
3535

36-
foreach(array('<', 'document.write', '../', 'onerror', 'onload', 'alert(') as $invalid_string)
36+
foreach(array('<', '>', 'document.write', '../', 'onerror', 'onload', 'alert(', 'String.', 'confirm(', 'focus=', '&lt', '&gt', '&#') as $invalid_string)
3737
{
3838
foreach($input_keys as $key)
3939
{
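Review bot: the extended denylist in the `foreach(array(...))` line is only as good as the comparison inside the loop, which is outside this hunk; since every entry is lowercase (`'onerror'`, `'document.write'`, `'String.'`), confirm that the check uses a case-insensitive match such as `stripos`, otherwise a trivially re-cased variant passes. The partial entity forms `'&lt'`, `'&gt'` and `'&#'` are prefix matches, so they also catch `'&lt;'` and every numeric entity, which is the intent stated in the comment above; note, though, that `'>'` and `'&#'` will also reject benign input (a free-text comparison like "a > b", or a pasted entity) with no indication of which key failed, so it is worth having the rejection path name the offending key. As the comment says this is a backup to sanitization elsewhere, the primary control should stay output encoding at render time (`htmlspecialchars` with `ENT_QUOTES`) rather than this list, and a short docblock on `phoromatic_quit_if_invalid_input_found` stating that it is a defense-in-depth filter, not the sole protection, would make that explicit for the next editor of this file.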

0 commit comments
