public/tt-rss
1
0
Fork 0
mirror of https://git.tt-rss.org/git/tt-rss.git synced 2025-12-13 09:05:55 +00:00
Code Issues Releases Wiki Activity

force strip_tags() on all user input unless explicitly allowed

Browse Source
This commit is contained in:
Andrew Dolgov
2017-12-03 23:35:38 +03:00
parent 7c6f7bb0aa
commit e6532439d6
13 changed files with 286 additions and 275 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
classes/backend.php
View File

@@ -84,7 +84,7 @@ class Backend extends Handler {
}
function help() {
$topic = basename($_REQUEST["topic"]);
$topic = basename(clean($_REQUEST["topic"]));
switch ($topic) {
case "main":