From 743ff69c03e675367419f2e8ca1addfeec8a3b81 Mon Sep 17 00:00:00 2001
From: malve <26271862-malve@users.noreply.gitlab.com>
Date: Tue, 18 Feb 2025 21:14:32 +0100
Subject: [PATCH] allow arrays when sanitizing get query parameters
---
 htdocs/always.php | 18 +++++++++++++++---
 1 file changed, 15 insertions(+), 3 deletions(-)
diff --git a/htdocs/always.php b/htdocs/always.php
index 914e29e6..f732f775 100644
--- a/htdocs/always.php
+++ b/htdocs/always.php
@@ -32,9 +32,21 @@ function clean_get() {
 foreach($_GET as $key => $value) {
 // XSS is possible in both key and values
- $k = htmlspecialchars($key);
- $v = htmlspecialchars($value);
- $temp[$k] = $v;
+ $key = htmlspecialchars($key);
+
+ switch (gettype($value)) {
+ case "string":
+ $value = htmlspecialchars($value);
+ break;
+ case "array":
+ array_walk_recursive($value, function(&$v) {
+ if (gettype($v) == "string") {
+ $v = htmlspecialchars($v);
+ }
+ });
+ break;
+ }
+ $temp[$key] = $value;
 }
 return $temp;
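Review bot: Keys of nested arrays come back unescaped: in the `case "array":` branch, `array_walk_recursive` hands the callback only leaf values by reference, so for a parameter shaped like `name[key]=value` the inner `key` never reaches `htmlspecialchars`, although the comment above the change says keys need escaping too. A small recursive helper that rebuilds the array, escaping string keys as well as string values, closes that gap and can replace the `switch`; it is sketched below. The sketch passes `ENT_QUOTES | ENT_SUBSTITUTE` explicitly because before PHP 8.1 the default flags leave single quotes unescaped, and the `$key` line would want the same flags. The body of `clean_get()` starts and ends outside the hunk, so how `$temp` is initialised is not visible here.

```php
        $key = htmlspecialchars($key);
        // replaces the switch on gettype($value)
        $temp[$key] = clean_get_value($value);
// … unchanged: end of foreach, return $temp …

// New helper (name is a suggestion): escapes string leaves and the string keys of nested arrays.
// Recursion depth is bounded by PHP's max_input_nesting_level for request data.
function clean_get_value($value) {
    if (is_string($value)) {
        return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }
    if (!is_array($value)) {
        return $value;
    }
    $clean = [];
    foreach ($value as $k => $v) {
        if (is_string($k)) {
            $k = htmlspecialchars($k, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        }
        $clean[$k] = clean_get_value($v);
    }
    return $clean;
}
```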