Fix more vulnerabilities

Parziphal 2016-02-13 20:29:57 -05:00
parent 565fcf08a3
commit 531b5844d0
8 changed files with 8 additions and 8 deletions


@ -1,7 +1,7 @@
<div id="forum"> <div id="forum">
<div style="margin-bottom: 1em;"> <div style="margin-bottom: 1em;">
<?= $this->formTag(['action' => "search"], ['method' => 'get'], function(){ ?> <?= $this->formTag(['action' => "search"], ['method' => 'get'], function(){ ?>
<?= $this->textFieldTag("query", $this->params()->query, ['size' => 40]) ?> <?= $this->textFieldTag("query", $this->h($this->params()->query), ['size' => 40]) ?>
<?= $this->submitTag($this->t('.submit')) ?> <?= $this->submitTag($this->t('.submit')) ?>
<?php }) ?> <?php }) ?>
</div> </div>
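Review bot: Wrapping `$this->params()->query` in `h()` at this call site only protects the eight templates this commit touches; any other `textFieldTag`/`hiddenFieldTag` caller that reflects request parameters still writes them raw into a `value` attribute. The durable fix is for the tag helpers themselves to escape attribute values (assuming `h()` is `htmlspecialchars`, use `ENT_QUOTES | ENT_SUBSTITUTE` so a `"` in the query cannot close the attribute), and then drop the per-call wrappers. Conversely, if `textFieldTag` already escapes, this change double-encodes and a query containing `&` will render as `&amp;` in the field, so it is worth confirming which case holds before relying on the commit. The helper definitions are not in this diff, so this is inferred from the pattern, not verified.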


@ -1,7 +1,7 @@
<div id="forum"> <div id="forum">
<div id="search" style="margin-bottom: 1em;"> <div id="search" style="margin-bottom: 1em;">
<?= $this->formTag(['action' => "search"], ['method' => 'get'], function(){ ?> <?= $this->formTag(['action' => "search"], ['method' => 'get'], function(){ ?>
<?= $this->textFieldTag("query", $this->params()->query, ['size' => 40]) ?> <?= $this->textFieldTag("query", $this->h($this->params()->query), ['size' => 40]) ?>
<?= $this->submitTag($this->t('.search')) ?> <?= $this->submitTag($this->t('.search')) ?>
<?php }) ?> <?php }) ?>
</div> </div>


@ -1,7 +1,7 @@
<h4><?= $this->t('.title') ?></h4> <h4><?= $this->t('.title') ?></h4>
<?= $this->formTag(['action' => 'search'], ['method' => 'get'], function(){ ?> <?= $this->formTag(['action' => 'search'], ['method' => 'get'], function(){ ?>
<?= $this->textFieldTag("query", $this->params()->query, ['size' => '40']) ?> <?= $this->submitTag($this->t('.search')) ?> <?= $this->textFieldTag("query", $this->h($this->params()->query), ['size' => '40']) ?> <?= $this->submitTag($this->t('.search')) ?>
<?php }) ?> <?php }) ?>
<?php if ($this->notes) : ?> <?php if ($this->notes) : ?>


@ -4,7 +4,7 @@
<?php if ($this->params()->order) : ?> <?php if ($this->params()->order) : ?>
<?= $this->hiddenFieldTag("order", $this->params()->order) ?> <?= $this->hiddenFieldTag("order", $this->params()->order) ?>
<?php endif ?> <?php endif ?>
<?= $this->textFieldTag("query", $this->params()->query, ['size' => 40]) ?> <?= $this->textFieldTag("query", $this->h($this->params()->query), ['size' => 40]) ?>
<?= $this->submitTag($this->t('.search'), ['name' => '']) ?> <?= $this->submitTag($this->t('.search'), ['name' => '']) ?>
<?php }) ?> <?php }) ?>
</div> </div>
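Review bot: `hiddenFieldTag("order", $this->params()->order)` two lines above the fixed line still reflects a request parameter into an attribute without `h()`, which is the same injection the commit fixes for `query` in this very form; a `"` in `order` would break out of the `value` attribute just as it did for `query`. Change it to `<?= $this->hiddenFieldTag("order", $this->h($this->params()->order)) ?>` (or escape inside the helper so both fields are covered). The hunk starts at line 4, so the enclosing `formTag(...)` call and its action/method are outside this view.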


@ -1,5 +1,5 @@
<form method="get" action="/post/moderate"> <form method="get" action="/post/moderate">
<?= $this->textFieldTag("query", $this->params()->query, ['size' => '40']) ?> <?= $this->textFieldTag("query", $this->h($this->params()->query), ['size' => '40']) ?>
<?= $this->submitTag($this->t('buttons.search')) ?> <?= $this->submitTag($this->t('buttons.search')) ?>
</form> </form>


@ -1,6 +1,6 @@
<div style="margin-bottom: 1em;"> <div style="margin-bottom: 1em;">
<?= $this->formTag([], ['method' => 'get'], function(){ ?> <?= $this->formTag([], ['method' => 'get'], function(){ ?>
<?= $this->textFieldTag("query", $this->params()->query) ?> <?= $this->textFieldTag("query", $this->h($this->params()->query)) ?>
<?= $this->submitTag($this->t('.search')) ?> <?= $this->submitTag($this->t('.search')) ?>
<?= $this->submitTag($this->t('tag_implication.index.search')) ?> <?= $this->submitTag($this->t('tag_implication.index.search')) ?>
<?php }) ?> <?php }) ?>


@ -1,6 +1,6 @@
<div style="margin-bottom: 1em;"> <div style="margin-bottom: 1em;">
<?= $this->formTag(['action' => "index"], ['method' => 'get'], function(){ ?> <?= $this->formTag(['action' => "index"], ['method' => 'get'], function(){ ?>
<?= $this->textFieldTag("query", $this->params()->query) ?> <?= $this->textFieldTag("query", $this->h($this->params()->query)) ?>
<?= $this->submitTag($this->t('.search')) ?> <?= $this->submitTag($this->t('.search')) ?>
<?= $this->submitTag($this->t('tag_alias.index.search')) ?> <?= $this->submitTag($this->t('tag_alias.index.search')) ?>
<?php }) ?> <?php }) ?>


@ -2,7 +2,7 @@
<div style="margin-bottom: 1em;"> <div style="margin-bottom: 1em;">
<h6>Search</h6> <h6>Search</h6>
<?= $this->formTag(['action' => "index"], ['method' => "get"], function(){ ?> <?= $this->formTag(['action' => "index"], ['method' => "get"], function(){ ?>
<?= $this->textFieldTag("query", $this->params()->query, ['size' => 20, 'id' => "search-box"]) ?> <?= $this->textFieldTag("query", $this->h($this->params()->query), ['size' => 20, 'id' => "search-box"]) ?>
<?php }) ?> <?php }) ?>
</div> </div>