author | Andreas Gohr <andi@splitbrain.org> | 2007-07-19 14:25:38 +0200 |
---|---|---|
committer | Andreas Gohr <andi@splitbrain.org> | 2007-07-19 14:25:38 +0200 |
commit | 58723938c4ac0722ab18a345d286634a9f823b39 (patch) | |
tree | 8c81d34022ba34918ad1c3b7bb3470f0a693c978 /lib | |
parent | 72de906899b8636e7c60c79f81509d00d9b7bd2b (diff) | |
download | rpg-58723938c4ac0722ab18a345d286634a9f823b39.tar.gz rpg-58723938c4ac0722ab18a345d286634a9f823b39.tar.bz2 |
fix for XSS in spellchecker FS#1195
darcs-hash:20070719122538-7ad00-6c49f72bc490f27718d25f105fd762982631bd7b.gz
Diffstat (limited to 'lib')
-rw-r--r-- | lib/exe/spellcheck.php | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/lib/exe/spellcheck.php b/lib/exe/spellcheck.php
index 65f80c5e8..aa1168136 100644
--- a/lib/exe/spellcheck.php
+++ b/lib/exe/spellcheck.php
@@ -272,7 +272,8 @@ function spell_resume(){
 * Just send data back as received for UTF-8 testing
 */
 function spell_utf8test(){
- print $_POST['data'];
+ // we need to return the raw value - substr protects against XSS
+ print substr($_POST['data'],0,3);
 }
 
 /**
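Review bot: The added comment on the `substr` line overstates what the change does — `substr($_POST['data'],0,3)` still reflects unescaped request bytes to the response; what mitigates the original issue is that three bytes are too short to form markup, not any escaping. The comment should say so, e.g. `// echo only the first 3 bytes (one UTF-8 char is all the test needs); too short to carry markup, which is what limits the reflected-input risk here`. Since the endpoint is meant to return raw bytes for a UTF-8 probe, it would also be safer to declare the response as non-HTML before printing, `header('Content-Type: text/plain; charset=utf-8');`, so a browser never interprets the echoed value as markup regardless of its length. Reading `$_POST['data']` without an `isset` guard also emits a notice on a request without that field; `print substr($_POST['data'] ?? '', 0, 3);` (or an explicit `isset` check, given the PHP version this code targets) avoids that.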