fix: 搜索异常时导致页面渲染异常, 搜索框 XSS 漏洞
RifeWang committed Feb 18, 2021
1 parent fdaf70e commit 038bce7
Showing 1 changed file with 12 additions and 8 deletions.
20 changes: 12 additions & 8 deletions http/controller/search.go
@@ -1,6 +1,8 @@
package controller

import (
"html"

"github.com/studygolang/studygolang/context"
"github.com/studygolang/studygolang/logic"

Expand Down Expand Up @@ -31,11 +33,12 @@ func (SearchController) Search(ctx echo.Context) error {
"q": q,
"f": field,
}
if err == nil {
uri := "/search?q=" + q + "&f=" + field + "&"
paginator := logic.NewPaginatorWithPerPage(p, rows)
data["pageHtml"] = paginator.SetTotal(int64(respBody.NumFound)).GetPageHtml(uri)
if err != nil {
return render(ctx, "500.html", nil)
}
uri := "/search?q=" + html.EscapeString(q) + "&f=" + field + "&"
paginator := logic.NewPaginatorWithPerPage(p, rows)
data["pageHtml"] = paginator.SetTotal(int64(respBody.NumFound)).GetPageHtml(uri)

return render(ctx, "search.html", data)
}
Expand All @@ -60,11 +63,12 @@ func (SearchController) TagList(ctx echo.Context) error {
"users": users,
"nodes": nodes,
}
if err == nil {
uri := "/tag/" + q + "?"
paginator := logic.NewPaginatorWithPerPage(p, rows)
data["pageHtml"] = paginator.SetTotal(int64(respBody.NumFound)).GetPageHtml(uri)
if err != nil {
return render(ctx, "500.html", nil)
}
uri := "/tag/" + q + "?"
paginator := logic.NewPaginatorWithPerPage(p, rows)
data["pageHtml"] = paginator.SetTotal(int64(respBody.NumFound)).GetPageHtml(uri)

return render(ctx, "feed/tag.html", data)
}
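Review bot: The paging URI in Search is HTML-escaped rather than URL-encoded, while `field` on the same line and `q` in TagList's `uri := "/tag/" + q + "?"` are still concatenated raw, so if those values come from the request (their assignment is above the hunks, outside this view) the same injection into `pageHtml` remains open. `html.EscapeString` also leaves `&`, `#`, `+` and spaces significant once the browser decodes the attribute, so a query containing `&f=` can rewrite the other parameter in every pagination link. Encoding for the URL context addresses both, because the `net/url` escapers percent-encode quotes and angle brackets: `uri := "/search?q=" + url.QueryEscape(q) + "&f=" + url.QueryEscape(field) + "&"` and `uri := "/tag/" + url.PathEscape(q) + "?"`, with `net/url` added to the import block. Whether `GetPageHtml` escapes its argument before emitting markup is not visible here and should be confirmed, since that is the sink these strings reach.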
