[Fusionforge-commits] r11017 - branches/Branch_5_0/gforge/plugins/globalsearch/www

Roland Mas lolando at libremir.placard.fr.eu.org
Fri Oct 15 18:02:17 CEST 2010


Author: lolando
Date: 2010-10-15 18:02:17 +0200 (Fri, 15 Oct 2010)
New Revision: 11017

Modified:
   branches/Branch_5_0/gforge/plugins/globalsearch/www/index.php
Log:
Fixed XSS vulnerability reported by 'Bluetouff'

Modified: branches/Branch_5_0/gforge/plugins/globalsearch/www/index.php
===================================================================
--- branches/Branch_5_0/gforge/plugins/globalsearch/www/index.php	2010-10-15 15:31:53 UTC (rev 11016)
+++ branches/Branch_5_0/gforge/plugins/globalsearch/www/index.php	2010-10-15 16:02:17 UTC (rev 11017)
@@ -68,6 +68,9 @@
 
 echo "<p>";
 
+$gwords = htmlspecialchars(trim($gwords));
+$gwords = ereg_replace("[ \t]+", ' ', $gwords);
+
 // show search box which will return results on
 // this very page (default is to open new window)
 $gsplugin = plugin_get_object ('globalsearch') ;
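Review bot: The added htmlspecialchars(trim($gwords)) call passes no flags, so on the PHP versions current for this branch it uses ENT_COMPAT and leaves single quotes unescaped. If the search box rendered just below places $gwords inside a single-quoted attribute, the value can still break out of it. Suggest htmlspecialchars(trim($gwords), ENT_QUOTES, 'UTF-8'), using whatever charset the page is actually served in. It would also be safer to keep the raw value in $gwords and write the escaped copy to a separate variable used only for output, so that later non-HTML uses of $gwords do not receive entity-encoded text. Separately, ereg_replace is deprecated as of PHP 5.3; preg_replace('/[ \t]+/', ' ', $gwords) is the equivalent call.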
@@ -77,9 +80,6 @@
         Force them to enter at least three characters
 */
 
-$gwords = htmlspecialchars(trim($gwords));
-$gwords = ereg_replace("[ \t]+", ' ', $gwords);
-
 if ($gwords && (strlen($gwords) < 3)) {
         echo "<h2>"._("Search must be at least three characters")."</h2>";
         $HTML->footer(array());
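Review bot: With the escaping now done earlier, the remaining check strlen($gwords) < 3 still measures the HTML-escaped string rather than what the user typed. A single "<" becomes "&lt;" (four bytes) and passes the three-character minimum. Suggest running the length check on the trimmed, whitespace-collapsed raw input and applying htmlspecialchars only at the point where the value is echoed. A short comment at the new location explaining that the escaping must precede the search box output would also help prevent the ordering from regressing.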



