Fix name parameter with special chars - Githubissues

brusselopole / Worldopole

Worldopole is a third party extension for RocketMap showing some nice statistics.

MIT License

85 stars 78 forks source link

Fix name parameter with special chars #364

Closed michikrug closed 6 years ago

michikrug commented 6 years ago

Description

Use htmlspecialchars to encode passed 'name' parameter to prevent XSS attacks. This should not break when passing accented chars.

Motivation and Context

Currently, passed gym and trainer names with accented chars break the search. See #361

How Has This Been Tested?

Own instance.

Types of changes

[x] Bug fix (non-breaking change which fixes an issue)
[ ] New feature (non-breaking change which adds functionality)
[ ] Breaking change (fix or feature that would cause existing functionality to change)