AS1024/itflow
1
0
Fork 0
mirror of https://github.com/itflow-org/itflow synced 2026-02-28 19:04:52 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add stronger input validation/output escaping for theme, tags and categories vars

Browse Source
This commit is contained in:
Marcus Hill
2023-03-05 19:13:48 +00:00
parent 5640a22c18
commit feb0267002
8 changed files with 42 additions and 42 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
models/category.php
View File

@@ -1,4 +1,4 @@
<?php
$name = sanitizeInput($_POST['name']);
$type = sanitizeInput($_POST['type']);
$color = sanitizeInput($_POST['color']);
$color = preg_replace("/[^0-9a-zA-Z_]/", "", sanitizeInput($_POST['color']));

4
models/tag.php
View File

@@ -1,5 +1,5 @@
<?php
$name = sanitizeInput($_POST['name']);
$type = intval($_POST['type']);
$color = sanitizeInput($_POST['color']);
$icon = sanitizeInput($_POST['icon']);
$color = preg_replace("/[^0-9a-zA-Z_]/", "", sanitizeInput($_POST['color']));
$icon = preg_replace("/[^0-9a-zA-Z_]/", "", sanitizeInput($_POST['icon']));