author | David Flatz | 2016-06-14 15:23:43 +0200 |
---|---|---|
committer | David Flatz | 2016-06-14 15:23:43 +0200 |
commit | f5c82c6bee3d02a5781c4e7f2933dd6fdf5f3405 (patch) | |
tree | bbea318e77ae36f4f56473b47327822c8fb03b2d /it_html.class | |
parent | 0ac54018f481c9d4f18a2874ff3da071ec431929 (diff) | |
make sure that $string is really a string, should fix some XSS problems
Diffstat (limited to 'it_html.class')
-rw-r--r-- | it_html.class | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/it_html.class b/it_html.class
index e9e312b..9db8893 100644
--- a/it_html.class
+++ b/it_html.class
@@ -507,6 +507,7 @@ function _cleanup($string, $charset)
 */
 function Q($string)
 {
+ $string = @strval($string);
 if (preg_match('/[<>&"\x00-\x08\x0a-\x0c\x0e-\x1f\x80-\xff]/', $string)) # WARNING: copy/pasted to _tag()
 {
 $charset = $GLOBALS['it_html']->p['charset'] ?: ini_get('default_charset'); |
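Review bot: The string coercion is added only to Q(), yet the comment on the `preg_match` line right below it says this check is copy/pasted to _tag(), and the diffstat shows a single insertion, so that copy presumably still hands a non-string to `preg_match`; _tag() is not visible here, so confirm whether it needs the same `$string = strval($string);` guard. The `@` also suppresses the "Array to string conversion" notice, which is the only signal that a caller passed an array instead of a string, and it does not make an object without `__toString()` convertible. Consider dropping the `@` and handling the unexpected type explicitly before the cast, e.g. `if (is_array($string)) $string = '';`, so the bad input shows up in logs rather than being rendered silently as `Array`. Q()'s body continues past the end of the hunk.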