reflected XSS vulnerability fix

mkucej · May 31, 2023 · 3f2c647 · 3f2c647
1 parent 187e5ff
commit 3f2c647
Showing 1 changed file with 3 additions and 1 deletion.
diff --git a/app/views/items.php b/app/views/items.php
@@ -386,13 +386,15 @@ private function pageTop(string $collection, array $get, array $input): string {
                     continue;
                 }
 
+                $get_search_query = $this->sanitation->html($get['search_query'][$i]);
+
                 /** @var Bootstrap\Button $el */
                 $el = $this->di->get('Button');
 
                 $el->context("dark");
                 $el->componentSize("small");
                 $el->addClass("d-inline-block mr-1 mb-2 rounded-0");
-                $el->html("<b>{$this->type_to_readable[$type]}</b> &mdash; {$get['search_query'][$i]}");
+                $el->html("<b>{$this->type_to_readable[$type]}</b> &mdash; {$get_search_query}");
                 $tags_html .= $el->render();
 
                 $el = null;