Commit c17ea82a authored by Till Brehm's avatar Till Brehm

Fixed #4894 XSS vulnerability in global search

parent 79d6be9a
...@@ -189,6 +189,7 @@ function _search($module, $section, $additional_sql = '', $params = ''){ ...@@ -189,6 +189,7 @@ function _search($module, $section, $additional_sql = '', $params = ''){
$sql = "SELECT * FROM ?? WHERE ".$where_clause.$authsql.$order_clause." LIMIT 0,10"; $sql = "SELECT * FROM ?? WHERE ".$where_clause.$authsql.$order_clause." LIMIT 0,10";
$results = $app->db->queryAllRecords($sql, $db_table); $results = $app->db->queryAllRecords($sql, $db_table);
$results = $app->functions->htmlentities($results);
if(is_array($results) && !empty($results)){ if(is_array($results) && !empty($results)){
$lng_file = '../'.$module.'/lib/lang/'.$_SESSION['s']['language'].'_'.$section.'.lng'; $lng_file = '../'.$module.'/lib/lang/'.$_SESSION['s']['language'].'_'.$section.'.lng';
......
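Review bot: The added `$results = $app->functions->htmlentities($results);` runs before the `is_array($results) && !empty($results)` guard, so whatever `queryAllRecords()` returns on failure or for an empty result reaches the helper unchecked; making it the first statement inside that `if` keeps the encoding on the path that builds output. Encoding the whole record set at fetch time also means every later use of `$results` in `_search()` sees HTML-entity text. That presumably suits the markup the global search renders, but it would double-encode if a consumer escapes again, and it is the wrong encoding for any URL or JavaScript context. A comment such as `// $results is HTML-encoded from here on; do not re-encode, and do not reuse in URL or SQL contexts` would make that contract visible. The body of `_search()` continues outside the hunk, so how the rows are emitted cannot be confirmed from here.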