From 3bfe2491e5930d40ef7691bea17c19a9ec64719a Mon Sep 17 00:00:00 2001
From: dweller
Date: Tue, 12 Mar 2024 01:08:28 +0200
Subject: HTML escape outputs, prevent dubious values in $section and $arch
---
 index.php | 4 +++-
 search.php | 21 ++++++++++++++++++---
 2 files changed, 21 insertions(+), 4 deletions(-)
diff --git a/index.php b/index.php
index 6c8a8ed..951be29 100644
--- a/index.php
+++ b/index.php
@@ -54,7 +54,7 @@
- ' name='query' autocorrect="off" autocapitalize="none" required autofocus/>
+ ' name='query' autocorrect="off" autocapitalize="none" required autofocus/>
@@ -80,6 +80,8 @@
 $sel = "";
 if((strlen($arch) > 0) && ($arch == $a))
 $sel = 'selected="selected"';
+
+ $a = htmlspecialchars($a);
 echo "";
 }
 ?>
diff --git a/search.php b/search.php
index 234aa9e..e61da1b 100644
--- a/search.php
+++ b/search.php
@@ -48,7 +48,7 @@
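Review bot: The added `$a = htmlspecialchars($a);` in the second index.php hunk relies on the default flags, which before PHP 8.1 are `ENT_COMPAT` and leave single quotes unescaped. The markup of the following `echo` is not visible in this view, but the input line in the first index.php hunk closes its value with a single quote (`' name='query'`), so a value that lands in a single-quoted attribute would still not be safely contained on an older runtime. Passing the flags and charset explicitly makes the escaping independent of the PHP version: `$a = htmlspecialchars($a, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');`, and the same applies to the escaped `$query` output if it uses the bare call. The loop around these lines starts outside the hunk, so the origin of `$a` cannot be confirmed from here.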