authordweller <dweller@cabin.digital>2024-03-12 01:08:28 +0200
committerdweller <dweller@cabin.digital>2024-03-12 01:08:28 +0200
commit3bfe2491e5930d40ef7691bea17c19a9ec64719a (patch)
tree3321c60857ce94e049ef8997d9abf10ed4c93b42 /index.php
parent4b83175fcab8caa4f1a863cc654f0d991b6ffb58 (diff)
HTML escape outputs, prevent dubious values in $section and $arch
Diffstat (limited to 'index.php')
-rw-r--r--index.php4
1 files changed, 3 insertions, 1 deletions
diff --git a/index.php b/index.php
index 6c8a8ed..951be29 100644
--- a/index.php
+++ b/index.php
@@ -54,7 +54,7 @@
<form action="/search.php">
<div id="query_wrap">
<div id="query_icon"></div>
- <input id="query" type='search' value='<?php if($action === 'lmmtfy') echo $query;?>' name='query' autocorrect="off" autocapitalize="none" required autofocus/>
+ <input id="query" type='search' value='<?php if($action === 'lmmtfy') echo htmlspecialchars($query);?>' name='query' autocorrect="off" autocapitalize="none" required autofocus/>
<button id="btn_def" type='submit' value='man' name='action' class="btn-def" aria-hidden="true" tabindex="-1"></button>
<input type="checkbox" id="query_opts_toggle"/>
<div id="query_opts">
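Review bot: The `htmlspecialchars($query)` call on the new `<input id="query">` line relies on the default flags while the `value='…'` attribute is single-quoted; before PHP 8.1 the default is `ENT_COMPAT`, which leaves `'` unescaped, so a quote in `$query` would still close the attribute. Passing the flags explicitly makes the escaping independent of the runtime version: `echo htmlspecialchars($query, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');`. The second hunk has the same pattern, where `$a` is echoed into `value='$a'`, and would take `$a = htmlspecialchars($a, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');`. The PHP version this site runs on is not visible here, and the form and the option loop both extend beyond the hunks shown.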
@@ -80,6 +80,8 @@
$sel = "";
if((strlen($arch) > 0) && ($arch == $a))
$sel = 'selected="selected"';
+
+ $a = htmlspecialchars($a);
echo "<option value='$a' $sel>$a</option>";
}
?>