nik/davical
1
0
Fork 0
mirror of https://gitlab.com/davical-project/davical.git synced 2026-05-26 02:44:29 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Merge branch 'fix-array-query-params' into 'master'

Browse Source 
Allow arrays when sanitizing GET query parameters

See merge request davical-project/davical!143
This commit is contained in:
malve 2026-04-16 15:46:27 +00:00
commit ff29a32103
1 changed files with 15 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
htdocs/always.php
View File

@ -32,9 +32,21 @@ function clean_get() {
foreach($_GET as $key => $value) { foreach($_GET as $key => $value) {
// XSS is possible in both key and values // XSS is possible in both key and values
$k = htmlspecialchars($key); $key = htmlspecialchars($key);
$v = htmlspecialchars($value);
$temp[$k] = $v; switch (gettype($value)) {
case "string":
$value = htmlspecialchars($value);
break;
case "array":
array_walk_recursive($value, function(&$v) {
if (gettype($v) == "string") {
$v = htmlspecialchars($v);
}
});
break;
}
$temp[$key] = $value;
} }
return $temp; return $temp;