author | dweller <dweller@cabin.digital> | 2024-03-12 01:08:28 +0200 |
---|---|---|
committer | dweller <dweller@cabin.digital> | 2024-03-12 01:08:28 +0200 |
commit | 3bfe2491e5930d40ef7691bea17c19a9ec64719a (patch) | |
tree | 3321c60857ce94e049ef8997d9abf10ed4c93b42 /index.php | |
parent | 4b83175fcab8caa4f1a863cc654f0d991b6ffb58 (diff) |
HTML escape outputs, prevent dubious values in $section and $arch
Diffstat (limited to 'index.php')
-rw-r--r-- | index.php | 4 |
1 files changed, 3 insertions, 1 deletions
@@ -54,7 +54,7 @@
 <form action="/search.php">
 <div id="query_wrap">
 <div id="query_icon"></div>
-<input id="query" type='search' value='<?php if($action === 'lmmtfy') echo $query;?>' name='query' autocorrect="off" autocapitalize="none" required autofocus/>
+<input id="query" type='search' value='<?php if($action === 'lmmtfy') echo htmlspecialchars($query);?>' name='query' autocorrect="off" autocapitalize="none" required autofocus/>
 <button id="btn_def" type='submit' value='man' name='action' class="btn-def" aria-hidden="true" tabindex="-1"></button>
 <input type="checkbox" id="query_opts_toggle"/>
 <div id="query_opts">
@@ -80,6 +80,8 @@
 $sel = "";
 if((strlen($arch) > 0) && ($arch == $a))
 $sel = 'selected="selected"';
+
+ $a = htmlspecialchars($a);
 echo "<option value='$a' $sel>$a</option>";
 }
 ?> |
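Review bot: The new `htmlspecialchars($query)` call on the added `<input>` line is emitted inside a single-quoted `value='…'` attribute, but with no flags argument the treatment of `'` depends on the PHP version: before 8.1 the default is `ENT_COMPAT`, which escapes only double quotes, so on such a runtime a single quote in `$query` still ends the attribute and the escaping does not close the hole the commit is fixing. Passing the flags and charset explicitly, `echo htmlspecialchars($query, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');`, makes the attribute context safe regardless of the interpreter's default. The same applies to the `$a = htmlspecialchars($a);` line in the second hunk, where `$a` is likewise interpolated into a single-quoted `value='$a'`. The `<form>` element and the PHP that sets `$action` and `$query` begin outside this hunk, so whether `$query` is always defined on the `lmmtfy` path cannot be checked here.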
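Review bot: The added `$a = htmlspecialchars($a);` overwrites the loop variable with its escaped form, so after that line `$a` no longer holds the raw option value that the `$arch == $a` comparison just above used; that is harmless today because the escaped value is only echoed, but it makes the raw/escaped boundary easy to lose in later edits. Escaping into a separate local keeps the two visibly apart: `$opt = htmlspecialchars($a);` followed by `echo "<option value='$opt' $sel>$opt</option>";`. The loop that binds `$a` starts outside the hunk, and nothing visible here shows where `$arch` is validated, so the "dubious values" part of the commit title cannot be confirmed from this file.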