public/tt-rss
1
0
Fork 0
mirror of https://git.tt-rss.org/git/tt-rss.git synced 2025-12-13 10:45:56 +00:00
Code Issues Releases Wiki Activity

force strip_tags() on all user input unless explicitly allowed

Browse Source
This commit is contained in:
Andrew Dolgov
2017-12-03 23:35:38 +03:00
parent 7c6f7bb0aa
commit e6532439d6
13 changed files with 286 additions and 275 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
classes/pluginhandler.php
View File

@@ -5,7 +5,7 @@ class PluginHandler extends Handler_Protected {
}
function catchall($method) {
$plugin = PluginHost::getInstance()->get_plugin($_REQUEST["plugin"]);
$plugin = PluginHost::getInstance()->get_plugin(clean($_REQUEST["plugin"]));
if ($plugin) {
if (method_exists($plugin, $method)) {