Bug 762934 - External search does not properly escape user supplied data, resulting in vulnerability

author: Dimitri van Heesch <dimitri@stack.nl> 2016-03-25 18:55:20 (GMT)
committer: Dimitri van Heesch <dimitri@stack.nl> 2016-03-25 18:55:20 (GMT)
commit: 1cc1adad2de03a0f013881b8960daf89aa155081 (patch)
tree: 4bd7088f1399702991b1c53cad8cfa751a7129b7 /templates
parent: 9abcad810b8d41d338d501ff5b32524e1ced7f33 (diff)
download: Doxygen-1cc1adad2de03a0f013881b8960daf89aa155081.zip
Doxygen-1cc1adad2de03a0f013881b8960daf89aa155081.tar.gz
Doxygen-1cc1adad2de03a0f013881b8960daf89aa155081.tar.bz2
1 files changed, 1 insertions, 0 deletions
diff --git a/templates/html/search_opensearch.php b/templates/html/search_opensearch.php
index e3a4634..58ee4ab 100644
--- a/templates/html/search_opensearch.php
+++ b/templates/html/search_opensearch.php
@@ -3,6 +3,7 @@ require "search_functions.php";
 
 $mode = array_key_exists('v', $_GET)?$_GET['v']:"";
 $query = array_key_exists('query', $_GET)?$_GET['query']:"";
+$query = preg_replace("/[^a-zA-Z0-9\-\_\.\x80-\xFF]/i", " ", $query );
 
 $query_results = run_query($query);
author	Dimitri van Heesch <dimitri@stack.nl>	2016-03-25 18:55:20 (GMT)
committer	Dimitri van Heesch <dimitri@stack.nl>	2016-03-25 18:55:20 (GMT)
commit	1cc1adad2de03a0f013881b8960daf89aa155081 (patch)
tree	4bd7088f1399702991b1c53cad8cfa751a7129b7 /templates
parent	9abcad810b8d41d338d501ff5b32524e1ced7f33 (diff)
download	Doxygen-1cc1adad2de03a0f013881b8960daf89aa155081.zip Doxygen-1cc1adad2de03a0f013881b8960daf89aa155081.tar.gz Doxygen-1cc1adad2de03a0f013881b8960daf89aa155081.tar.bz2