AS1024/itflow
1
0
Fork 0
mirror of https://github.com/itflow-org/itflow synced 2026-02-28 02:44:53 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #412 from wrongecho/misc

Browse Source 
Misc incl SQL Injection / XSS fixes
This commit is contained in:
Johnny
2022-03-27 15:05:07 -04:00
committed by GitHub
parent ee97c479bf 816ba87485
commit aafb6a677f
23 changed files with 99 additions and 81 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
client_documents.php
View File

@@ -115,9 +115,9 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
</div>
<form autocomplete="off">
<input type="hidden" name="client_id" value="<?php echo $client_id; ?>">
<input type="hidden" name="tab" value="<?php echo $_GET['tab']; ?>">
<input type="hidden" name="tab" value="<?php echo strip_tags($_GET['tab']); ?>">
<div class="input-group">
<input type="search" class="form-control " name="q" value="<?php if(isset($q)){echo stripslashes($q);} ?>" placeholder="Search <?php echo ucwords($_GET['tab']); ?>">
<input type="search" class="form-control " name="q" value="<?php if(isset($q)){echo stripslashes($q);} ?>" placeholder="Search <?php echo ucwords(strip_tags($_GET['tab'])); ?>">
<div class="input-group-append">
<button class="btn btn-secondary"><i class="fa fa-search"></i></button>
</div>