Skip to main content
Topic: Search engine: url param (Read 1476 times) previous topic - next topic
0 Members and 1 Guest are viewing this topic.

Search engine: url param

File: C:\...\sources\admin\ManageSearch.controller.php
Url: /index.php?action=admin;area=managesearch;sa=settings

Code: [Select]
'url' => trim(Util::htmlspecialchars($_POST['engine_url'][$id], ENT_COMPAT))

htmlspecialchars replaced & symbol in my url.

Maybe better to check the url function filter_var('http://example.com', FILTER_VALIDATE_URL) ?

~ See fix example ~, but it is not safe  :-\
Last Edit: October 23, 2016, 05:07:11 am by inter
Sorry for my English

Re: Search engine: url param

Reply #1

Good point...
Bugs creator.
Features destroyer.
Template killer.

 

Re: Search engine: url param

Reply #2

Or in alternative un_htmlspecialchars the url before using it?

hmm... I don't remember posting the previous one... writing yes, but not posting... unless I was doing something else. meh.
Bugs creator.
Features destroyer.
Template killer.