mbirth/LuckyCoinkydink
1
0
Fork 0
Code Issues Pull Requests Activity

security: Prevent XSS via multicategory pagination

Browse Source
This commit is contained in:
onli 2018-09-13 16:27:28 +02:00
parent a462413025
commit 166b2d4658
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
include/functions_routing.inc.php
View File

@ -226,7 +226,7 @@ function serveCategory($matches) {
$is_multicat = (isset($serendipity['POST']['isMultiCat']) && is_array($serendipity['POST']['multiCat']));
if ($is_multicat) {
$serendipity['GET']['category'] = implode(';', $serendipity['POST']['multiCat']);
$serendipity['GET']['category'] = serendipity_specialchars(implode(';', $serendipity['POST']['multiCat']));
$serendipity['uriArguments'][] = PATH_CATEGORIES;
$serendipity['uriArguments'][] = serendipity_db_escape_string($serendipity['GET']['category']) . '-multi';
} elseif (preg_match('@/([0-9;]+)@', $uri, $multimatch)) {