remove filter_input in favor of htmlspecialchars + strip_tags

Andy Miller 2023-05-08 18:42:52 -06:00
parent 95ae35216a
commit 369c2e9ffa
No known key found for this signature in database
GPG Key ID: 9F2CF38AEBDB0AE0


@ -1270,9 +1270,14 @@ class Page implements PageInterface
*/
public function blueprintName()
{
$blueprint_name = filter_input(INPUT_POST, 'blueprint', FILTER_SANITIZE_STRING) ?: $this->template();
if (!isset($_POST['blueprint'])) {
return $this->template();
}
return $blueprint_name;
$post_value = $_POST['blueprint'];
$sanitized_value = htmlspecialchars(strip_tags($post_value), ENT_QUOTES, 'UTF-8');
return $sanitized_value ?: $this->template();
}
/**
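Review bot: `$_POST['blueprint']` reaches `strip_tags()` without a type check, so a request that posts `blueprint[]=x` turns it into an array and raises a TypeError on PHP 8. The removed `filter_input(...)` call returned false for non-scalar input and fell back to `$this->template()`. Widening the guard to `if (!isset($_POST['blueprint']) || !is_string($_POST['blueprint'])) { return $this->template(); }` keeps that fallback. Separately, `htmlspecialchars` is output encoding for an HTML context. If the returned name is used to select a blueprint (the callers are not visible in this hunk), checking it against the known blueprint names would be the more fitting validation, with escaping left to whatever prints the value.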