mirror of
https://github.com/linuxserver/Heimdall.git
synced 2025-11-03 06:22:39 +09:00
Escape search queries and add setting value on edit
This commit is contained in:
Chris Hunt
@@ -18,6 +18,9 @@ class SearchController extends Controller
|
|||||||
$requestprovider = $request->input('provider');
|
$requestprovider = $request->input('provider');
|
||||||
$query = $request->input('q');
|
$query = $request->input('q');
|
||||||
|
|
||||||
|
// Sanitize the query to prevent XSS
|
||||||
|
$query = htmlspecialchars($query, ENT_QUOTES, 'UTF-8');
|
||||||
|
|
||||||
// Validate the presence and non-emptiness of the query parameter
|
// Validate the presence and non-emptiness of the query parameter
|
||||||
if (!$query || trim($query) === '') {
|
if (!$query || trim($query) === '') {
|
||||||
abort(400, 'Missing or empty query parameter');
|
abort(400, 'Missing or empty query parameter');
|
||||||
|
|||||||
@@ -45,6 +45,7 @@ class SettingsController extends Controller
|
|||||||
if (! is_null($setting)) {
|
if (! is_null($setting)) {
|
||||||
return view('settings.edit')->with([
|
return view('settings.edit')->with([
|
||||||
'setting' => $setting,
|
'setting' => $setting,
|
||||||
|
'value' => $setting->value,
|
||||||
]);
|
]);
|
||||||
} else {
|
} else {
|
||||||
$route = route('settings.list', []);
|
$route = route('settings.list', []);
|
||||||
|
|||||||
@@ -121,7 +121,7 @@ abstract class Search
|
|||||||
$output .= '<option value="'.$key.'"'.$selected.'>'.$searchprovider['name'].'</option>';
|
$output .= '<option value="'.$key.'"'.$selected.'>'.$searchprovider['name'].'</option>';
|
||||||
}
|
}
|
||||||
$output .= '</select>';
|
$output .= '</select>';
|
||||||
$output .= '<input type="text" name="q" value="'.(Input::get('q') ?? '').'" class="homesearch" autofocus placeholder="'.__('app.settings.search').'..." />';
|
$output .= '<input type="text" name="q" value="'.e(Input::get('q') ?? '').'" class="homesearch" autofocus placeholder="'.__('app.settings.search').'..." />';
|
||||||
$output .= '<button type="submit">'.ucwords(__('app.settings.search')).'</button>';
|
$output .= '<button type="submit">'.ucwords(__('app.settings.search')).'</button>';
|
||||||
$output .= '</div>';
|
$output .= '</div>';
|
||||||
$output .= '</form>';
|
$output .= '</form>';
|
||||||
|
|||||||
@@ -198,10 +198,10 @@ class Setting extends Model
|
|||||||
$value .= '</select>';
|
$value .= '</select>';
|
||||||
break;
|
break;
|
||||||
case 'textarea':
|
case 'textarea':
|
||||||
$value = '<textarea name="value" class="form-control" cols="44" rows="15"></textarea>';
|
$value = '<textarea name="value" class="form-control" cols="44" rows="15">' . htmlspecialchars($this->value, ENT_QUOTES, 'UTF-8') . '</textarea>';
|
||||||
break;
|
break;
|
||||||
default:
|
default:
|
||||||
$value = '<input type="text" name="value" class="form-control" />';
|
$value = '<input type="text" name="value" class="form-control" value="' . htmlspecialchars($this->value, ENT_QUOTES, 'UTF-8') . '" />';
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@@ -5,7 +5,7 @@ use Illuminate\Support\Facades\Facade;
|
|||||||
|
|
||||||
return [
|
return [
|
||||||
|
|
||||||
'version' => '2.7.2',
|
'version' => '2.7.3',
|
||||||
|
|
||||||
'appsource' => env('APP_SOURCE', 'https://appslist.heimdall.site/'),
|
'appsource' => env('APP_SOURCE', 'https://appslist.heimdall.site/'),
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user