gabeio / lissome

simplistic online learning system
MIT License

blog search should be escaped so there is no regex exploit #113

Open gabeio opened 9 years ago

gabeio commented 9 years ago

Blog search currently builds a regex directly out of a string. This is exploitable...

gabeio commented 9 years ago

Not sure how exploitable this really is...
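The behaviour the issue describes, shown as an added example that is not lissome's own code: a search term passed straight to `RegExp` is interpreted as a pattern, while an escaped term is matched as literal text. It assumes a JavaScript search handler; `POSTS`, `escapeRegExp`, `searchUnsafe`, `searchSafe` and the length cap are hypothetical names and values.

```javascript
// Constructed sample data standing in for stored blog posts (hypothetical).
const POSTS = [
  { title: "Intro to C++ (part 1)" },
  { title: "Grading policy" },
  { title: "Office hours" },
];

// Escape every character that has special meaning in a JavaScript RegExp,
// so the result matches the input text literally.
function escapeRegExp(text) {
  return String(text).replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
}

// Before: the pattern is built directly from the search string, so
// metacharacters in the term change what is matched, and a malformed
// term makes the RegExp constructor throw.
function searchUnsafe(term) {
  const re = new RegExp(term, "i");
  return POSTS.filter((p) => re.test(p.title)).map((p) => p.title);
}

// After: the term is length-capped (assumed limit) and escaped before use.
function searchSafe(term, maxLen = 100) {
  const literal = escapeRegExp(String(term).slice(0, maxLen));
  const re = new RegExp(literal, "i");
  return POSTS.filter((p) => re.test(p.title)).map((p) => p.title);
}

// Run both versions on the same term and report result or error message.
function compare(term) {
  let unsafe;
  try {
    unsafe = searchUnsafe(term);
  } catch (err) {
    unsafe = `error: ${err.name}`;
  }
  return { term, unsafe, safe: searchSafe(term) };
}

for (const term of ["policy", ".*", "C++"]) {
  console.log(JSON.stringify(compare(term)));
}
```

If the search is pushed down to a database regex operator instead of being run in application code, the same escaping applies to the string handed to the query.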