Commit 6771c3f3 authored by jcnventura's avatar jcnventura

Properly escape input URL.

parent 91497c1b
......@@ -20,7 +20,7 @@ $_print_urls = PRINT_URLS_DEFAULT;
*/
function print_controller_html() {
$args = func_get_args();
$path = implode('/', $args);
$path = filter_xss(implode('/', $args));
$cid = isset($_GET['comment']) ? (int)$_GET['comment'] : NULL;
$print = print_controller($path, $cid, PRINT_HTML_FORMAT);
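Review bot: `filter_xss()` in `$path = filter_xss(implode('/', $args));` is an HTML tag filter rather than an escaper, and it is applied to the value that is then handed to `print_controller()` as the path to resolve; the `print_mail_form()` and `print_pdf_controller()` hunks use the same pattern. With its default allow-list it keeps tags such as `<a>` and `<em>`, so the result is still not safe to place in an attribute or URL context, and it can alter a legitimate path before it is looked up. The places where `$path` is printed are outside these hunks, so this is inferred. Keeping the raw path for lookup and escaping at each output point for its context would be more robust: `check_plain($path)` for HTML text, `check_url()` for an href. In `print_mail_form()` the filtered value also feeds the `empty($path)` test, so a path that is filtered down to an empty string would fall through to the referer branch. All three function bodies continue outside the hunks shown.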
......
......@@ -26,7 +26,7 @@ function print_mail_form($form, &$form_state) {
// Remove the printmail/ prefix
$path_arr = explode('/', $_GET['q']);
unset($path_arr[0]);
$path = implode('/', $path_arr);
$path = filter_xss(implode('/', $path_arr));
if (empty($path)) {
// If no path was provided, let's try to generate a page for the referer
global $base_url;
......
......@@ -24,7 +24,7 @@ function print_pdf_controller() {
$GLOBALS['conf']['cache'] = FALSE;
$args = func_get_args();
$path = implode('/', $args);
$path = filter_xss(implode('/', $args));
$cid = isset($_GET['comment']) ? (int)$_GET['comment'] : NULL;
if (!empty($path)) {
......