
Fix reflective XSS

Jordi Boggiano 7 years ago
parent
commit
bbe5582802
1 changed files with 2 additions and 2 deletions
  1. 2 2
      src/Packagist/WebBundle/Controller/WebController.php

+ 2 - 2
src/Packagist/WebBundle/Controller/WebController.php

@@ -80,8 +80,8 @@ class WebController extends Controller
         if ($req->getRequestFormat() !== 'json') {
             return $this->render('PackagistWebBundle:Web:search.html.twig', [
                 'packages' => [],
-                'tags' => (array) $tagsFilter,
-                'type' => $typeFilter,
+                'tags' => array_map('htmlentities', (array) $tagsFilter),
+                'type' => htmlentities($typeFilter),
             ]);
         }
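Review bot: Both added `htmlentities` calls rely on the default flags, which on PHP versions before 8.1 leave single quotes unescaped, so the fix only holds if `tags` and `type` are never rendered inside a single-quoted attribute or a script context in `search.html.twig` (the template is not visible here). Passing the flags explicitly closes that gap: `'type' => htmlentities($typeFilter, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'),` and the same call through a closure for the `tags` map. The `array_map` on the `tags` line also assumes every element is a string; if `$tagsFilter` is taken from the query string, a nested array would presumably reach `htmlentities` as a non-string, so filtering with `is_string` first is worth adding. Escaping in the controller can also double-encode the values wherever Twig autoescaping is active, so a short comment naming the template sink that required this would help the next maintainer, or the escaping could move to that sink. The enclosing controller action starts and ends outside the hunk.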