author | rdoherty@mozilla.com <rdoherty@mozilla.com@4eb1ac78-321c-0410-a911-ec516a8615a5> | 2008-10-15 22:53:24 (GMT) |
---|---|---|
committer | rdoherty@mozilla.com <rdoherty@mozilla.com@4eb1ac78-321c-0410-a911-ec516a8615a5> | 2008-10-15 22:53:24 (GMT) |
commit | 3f846817bee112ad8be3844f89de52e9c022e126 (patch) | |
tree | b2c56708d813f313a7b174764ae3317f009a2583 /site/app/app_controller.php | |
parent | 3904912b25e89c6e34e23aa4e95967c0b51fb71e (diff) |
bug 343312, XSS on search page, r=clouserw
git-svn-id: http://svn.mozilla.org/addons/trunk@19149 4eb1ac78-321c-0410-a911-ec516a8615a5
Diffstat (limited to 'site/app/app_controller.php')
-rw-r--r-- | site/app/app_controller.php | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/site/app/app_controller.php b/site/app/app_controller.php index 9b88e42..763da5f 100644 --- a/site/app/app_controller.php +++ b/site/app/app_controller.php @@ -370,8 +370,10 @@ class AppController extends Controller } elseif (is_string($data)) { // encode the string - if (!empty($data)) + if (!empty($data)) { + $data = iconv('UTF-8', 'UTF-8//IGNORE', $data); $data = preg_replace($sanitize_patterns['patterns'], $sanitize_patterns['replacements'], $data); + } } // otherwise, we don't do anything (with ints or null etc.). } |
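Review bot: The return value of iconv() on the added line is assigned straight back to $data without a check. iconv() returns false on failure, so a failed conversion would overwrite the input with false and hand that to preg_replace() on the next line. Suggest converting into a temporary and deciding explicitly what to do on failure, for example `$clean = iconv('UTF-8', 'UTF-8//IGNORE', $data);` followed by `$data = ($clean === false) ? '' : $clean;`. The existing "// encode the string" comment also does not say why the iconv() call is there; a one-line comment noting that it drops invalid UTF-8 byte sequences before the sanitize patterns run would make the intent of the fix clear to the next reader.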