
close an xss hole

1 parent d8ae474 commit e836c6b87049b2e052b9ac07afcdac566c23b09b @shish committed Jul 26, 2010
Showing with 1 addition and 1 deletion.
  1. +1 −1 contrib/rss_images/main.php
@@ -16,7 +16,7 @@ public function receive_event($event) {
$title = $config->get_string('title');
if(count($event->search_terms) > 0) {
- $search = implode(' ', $event->search_terms);
+ $search = html_escape(implode(' ', $event->search_terms));
$page->add_header("<link id=\"images\" rel=\"alternate\" type=\"application/rss+xml\" ".
"title=\"$title - Images with tags: $search\" href=\"".make_link("rss/images/$search/1")."\" />");
}
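Review bot: `$title` is still interpolated unescaped into the same double-quoted `title` attribute on the `add_header` line, so the header stays only as safe as the configured site title; I would escape it the same way, e.g. `$title = html_escape($config->get_string('title'));`, assuming nothing later in the function needs the raw value. The escaped `$search` is also reused inside `make_link("rss/images/$search/1")`, where it is a URL path segment rather than attribute text. Whether `make_link` URL-encodes its argument is not visible here, so keeping the raw terms for the link and escaping the finished href would make each encoding step explicit. The fix also depends on `html_escape` encoding double quotes, which is worth confirming because it is defined outside this hunk, as are the start and end of `receive_event`.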
