Fixed cross-site scripting vulnerability.
hendrowicaksono committed Mar 16, 2017
1 parent 62b8ee8 commit 5fcdabc
Showing 1 changed file with 2 additions and 0 deletions.
2 changes: 2 additions & 0 deletions template/default/detail_template.php
@@ -1,4 +1,6 @@
<?php
$_GET['id'] = (integer) htmlspecialchars($_GET['id']);
#$_GET['id'] = (integer) $_GET['id'];
// biblio/record detail
// output the buffer
ob_start(); /* <- DONT REMOVE THIS COMMAND */
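Review bot: the `htmlspecialchars()` call in the added line `$_GET['id'] = (integer) htmlspecialchars($_GET['id']);` is redundant, because the result is immediately cast to integer, so any entity-encoded characters are discarded and the value can only ever be a number; the commented-out alternative `(integer) $_GET['id']` is sufficient on its own and should be used instead of keeping both. Two smaller points: the assignment reads `$_GET['id']` unconditionally, so a request without an `id` parameter raises an undefined-index notice (consider `isset($_GET['id']) ? (int) $_GET['id'] : 0`), and the dead `#$_GET['id'] = (integer) $_GET['id'];` line should be deleted rather than left in the template.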

1 comment on commit 5fcdabc

@matlam matlam commented on 5fcdabc Mar 30, 2017


Is there a reason for using htmlspecialchars and (integer)? Wouldn't (integer) be enough?
