shaba/libxml2
1
0
Fork 0
mirror of https://gitlab.gnome.org/GNOME/libxml2.git synced 2024-10-26 12:25:09 +03:00
Code Releases Activity

Avoid XSS on the search of xmlsoft.org

Browse Source 
query string need to be escaped before being displayed back
This commit is contained in:
Daniel Veillard 2015-07-03 20:58:33 +08:00
parent 140c251e8e
commit 73b2d73df8
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
doc/search.php
View File

@ -102,13 +102,14 @@ A:link, A:visited, A:active { text-decoration: underline }
$scope = ltrim ($scope);
if ($scope == "")
$scope = "any";
$querystr = htmlspecialchars($query, ENT_QUOTES, 'UTF-8');
?>
<p> The search service indexes the libxml2 and libxslt APIs and documentation as well as the xml@gnome.org and xslt@gnome.org mailing-list archives. To use it simply provide a set of keywords:
<p>
<form action="<?php echo "$PHP_SELF", "?query=", rawurlencode($query) ?>"
enctype="application/x-www-form-urlencoded" method="GET">
<input name="query" type="TEXT" size="50" value="<?php echo $query?>">
<input name="query" type="TEXT" size="50" value="<?php echo $querystr?>">
<select name="scope">
<option value="any">Search All</option>
<option value="XML" <?php if ($scope == 'XML') print "selected"?>>XML resources</option>
@ -446,7 +447,7 @@ A:link, A:visited, A:active { text-decoration: underline }
}
mysql_close($link);
$nb = count($results);
echo "<h3 align='center'>Found $nb results for query $query</h3>\n";
echo "<h3 align='center'>Found $nb results for query $querystr</h3>\n";
usort($results, "resSort");
if ($nb > 0) {