Issue #378 XSS in members search

esotalk / esoTalk

Fat-free forum software.

GNU General Public License v2.0

1.47k stars 239 forks source link

Closed jgknight closed 9 years ago

jgknight commented 9 years ago

Fixes #378 - User supplied search query was not sanitized before ouput.

jgknight commented 9 years ago

Example without the fix would be forum.com/members/?search=%27%3E%3Cmarquee%3E%3Cimg%20src=http://i.imgur.com/5TBmFp3.gif%3E%3C/marquee%3E