[Fusionforge-commits] r11017 - branches/Branch_5_0/gforge/plugins/globalsearch/www
Roland Mas
lolando at libremir.placard.fr.eu.org
Fri Oct 15 18:02:17 CEST 2010
Author: lolando
Date: 2010-10-15 18:02:17 +0200 (Fri, 15 Oct 2010)
New Revision: 11017
Modified:
branches/Branch_5_0/gforge/plugins/globalsearch/www/index.php
Log:
Fixed XSS vulnerability reported by 'Bluetouff'
Modified: branches/Branch_5_0/gforge/plugins/globalsearch/www/index.php
===================================================================
--- branches/Branch_5_0/gforge/plugins/globalsearch/www/index.php 2010-10-15 15:31:53 UTC (rev 11016)
+++ branches/Branch_5_0/gforge/plugins/globalsearch/www/index.php 2010-10-15 16:02:17 UTC (rev 11017)
@@ -68,6 +68,9 @@
echo "<p>";
+$gwords = htmlspecialchars(trim($gwords));
+$gwords = ereg_replace("[ \t]+", ' ', $gwords);
+
// show search box which will return results on
// this very page (default is to open new window)
$gsplugin = plugin_get_object ('globalsearch') ;
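Review bot: The `htmlspecialchars(trim($gwords))` call added at the top of this hunk relies on the default flags, which before PHP 8.1 are `ENT_COMPAT` and leave single quotes unescaped. Whether the fix is complete therefore depends on how the search box, rendered outside this hunk, quotes the value; passing `ENT_QUOTES` closes the gap either way. Because the escaped string is stored back into `$gwords`, the later `strlen($gwords) < 3` check and presumably the search itself see entity-encoded text, so a lone `<` counts as four characters. Keeping the raw value for logic and calling `htmlspecialchars($gwords, ENT_QUOTES)` only where it is echoed avoids that. Separately, `ereg_replace` is deprecated as of PHP 5.3; `$gwords = preg_replace('/[ \t]+/', ' ', $gwords);` is the equivalent.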
@@ -77,9 +80,6 @@
Force them to enter at least three characters
*/
-$gwords = htmlspecialchars(trim($gwords));
-$gwords = ereg_replace("[ \t]+", ' ', $gwords);
-
if ($gwords && (strlen($gwords) < 3)) {
echo "<h2>"._("Search must be at least three characters")."</h2>";
$HTML->footer(array());