diff options
| author | dweller <dweller@cabin.digital> | 2024-03-12 01:08:28 +0200 |
|---|---|---|
| committer | dweller <dweller@cabin.digital> | 2024-03-12 01:08:28 +0200 |
| commit | 3bfe2491e5930d40ef7691bea17c19a9ec64719a (patch) | |
| tree | 3321c60857ce94e049ef8997d9abf10ed4c93b42 /search.php | |
| parent | 4b83175fcab8caa4f1a863cc654f0d991b6ffb58 (diff) | |
HTML escape outputs, prevent dubious values in $section and $arch
Diffstat (limited to '')
| -rw-r--r-- | search.php | 21 |
1 files changed, 18 insertions, 3 deletions
@@ -48,7 +48,7 @@ <nav id="search_pane"> <form> <div id="query_wrap"> - <input id="query" type='search' value='<?=$query;?>' name='query' autocorrect="off" autocapitalize="none" required/> + <input id="query" type='search' value='<?= htmlspecialchars($query);?>' name='query' autocorrect="off" autocapitalize="none" required/> <button id="btn_def" type='submit' value='man' name='action' class="btn-def" aria-hidden="true" tabindex="-1"></button> <input type="checkbox" id="query_opts_toggle"/> <div id="query_opts"> @@ -74,6 +74,8 @@ $sel = ""; if((strlen($arch) > 0) && ($arch == $a)) $sel = 'selected="selected"'; + + $a = htmlspecialchars($a); echo "<option value='$a' $sel>$a</option>"; } ?> @@ -96,9 +98,17 @@ <?php $arg_section = ""; if(!empty($section)) - $arg_section .= " -s ". escapeshellarg($section); + { + if(is_numeric($section) && (0 < $section) && ($section <= 9)) + $arg_section .= " -s ". escapeshellarg($section); + else $section = null; + } if(!empty($arch)) - $arg_section .= " -S ". escapeshellarg($arch); + { + if(in_array($arch, $archs, true)) + $arg_section .= " -S ". escapeshellarg($arch); + else $arch = null; + } /* NOTE: This seems like it's a too ad hoc of a solution, but _theoretically_ escapeshellarg() * should take care of the rest. I need more testing. @@ -125,6 +135,7 @@ * As you can see, they also decided to pepper the HTML with inline style coz they * just absolutely hate me, so I strip it too. */ + /* NOTE: don't htmlspecialchars() here because this is raw HTML from mandoc! */ for($i = 0; $i < count($lines); $i++) { $line = preg_replace('/\<br.\>/i', '', $lines[$i]); @@ -171,6 +182,10 @@ $url = "$root/search.php?query=". urlencode($name) ."§ion=". urlencode($sect) ."&arch=". urlencode($arch) ."&action=man"; + $fname = htmlspecialchars($fname); + $fsect = htmlspecialchars($fsect); + $desc = htmlspecialchars($desc); + echo '<dl>'; echo " <dt><a href='".$url."'>$fname($fsect)</a></dt>"; echo " <dd>$desc</dd>"; |