diff options
| author | Cash Costello <cash.costello@gmail.com> | 2011-07-04 09:15:11 -0700 |
|---|---|---|
| committer | Cash Costello <cash.costello@gmail.com> | 2011-07-04 09:15:11 -0700 |
| commit | 440c94c74f929344c5b755e2607c8426d4de08b3 (patch) | |
| tree | aa042845b8e241fdba5b9bd8ebeab66631437b4a /mod/embed/start.php | |
| parent | de111da23258cd2b513c8f4ab84712ee50272b23 (diff) | |
| parent | 3beedd84a7dbcf7a17a75248473302320653d231 (diff) | |
| download | elgg-440c94c74f929344c5b755e2607c8426d4de08b3.tar.gz elgg-440c94c74f929344c5b755e2607c8426d4de08b3.tar.bz2 | |
Merge pull request #53 from cash/reflected_xss_fixes
Fixes #3544 Reflected xss fixes
Diffstat (limited to 'mod/embed/start.php')
| -rw-r--r-- | mod/embed/start.php | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/mod/embed/start.php b/mod/embed/start.php index f6f1acc57..bdd832b4e 100644 --- a/mod/embed/start.php +++ b/mod/embed/start.php @@ -81,8 +81,10 @@ function embed_page_handler($page) { elgg_sort_3d_array_by_value($sections, 'name'); elgg_sort_3d_array_by_value($upload_sections, 'name'); - $active_section = get_input('active_section', NULL); - $internal_id = get_input('internal_id', NULL); + $active_section = get_input('active_section', ''); + $active_section = preg_replace('[\W]', '', $active_section); + $internal_id = get_input('internal_id', ''); + $internal_id = preg_replace('[\W]', '', $internal_id); echo elgg_view('embed/embed', array( 'sections' => $sections, |