phoromatic: Reject HTML encoded character input and other strings that likely have no use within the context of Phoromatic inputs
michaellarabel committed Feb 12, 2022
1 parent 802ff84 commit 1eac926
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion pts-core/phoromatic/phoromatic_functions.php
Expand Up @@ -33,7 +33,7 @@ function phoromatic_quit_if_invalid_input_found($input_keys = null)
// backup as to sanitization and stripping elsewhere, safeguard namely check for things like < for fields that shouldn't have it
// plus a few simple backups as safeguards for words that really have no legit relevance within Phoromatic...

foreach(array('<', 'document.write', '../', 'onerror', 'onload', 'alert(') as $invalid_string)
foreach(array('<', '>', 'document.write', '../', 'onerror', 'onload', 'alert(', 'String.', 'confirm(', 'focus=', '&lt', '&gt', '&#') as $invalid_string)
{
foreach($input_keys as $key)
{
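Review bot: several of the entries added to the array on the new `foreach` line are broad enough to reject legitimate input, and nothing in the hunk scopes them to particular fields. '>', 'String.' and '&#' are the likeliest to cause false positives, since the check runs over every key in `$input_keys`. The comment above still describes this only as a check for "things like <", so it should be updated to say that entity-encoded forms ('&lt', '&gt', '&#') are now rejected too, and why. The matching call is not visible in this hunk; please confirm it is case-insensitive, otherwise mixed-case variants of 'onerror', 'onload' or 'String.' pass this backstop. Since the comment calls this a backup to sanitization elsewhere, the list would be easier to maintain as a named constant with the entries grouped (markup characters, encoded forms, script keywords) rather than a growing inline literal, with output encoding remaining the primary control.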