linuxserver/Heimdall
1
0
Fork 0
mirror of https://github.com/linuxserver/Heimdall.git synced 2025-11-01 13:37:48 +09:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

Escape search queries and add setting value on edit

Browse Source
This commit is contained in:
Chris Hunt
2025-07-24 19:05:16 +01:00
parent 41aa255b88
commit d1a96dd752
5 changed files with 30 additions and 26 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
app/Http/Controllers/SearchController.php
View File

@@ -18,6 +18,9 @@ class SearchController extends Controller
$requestprovider = $request->input('provider');
$query = $request->input('q');
// Sanitize the query to prevent XSS
$query = htmlspecialchars($query, ENT_QUOTES, 'UTF-8');
// Validate the presence and non-emptiness of the query parameter
if (!$query || trim($query) === '') {
abort(400, 'Missing or empty query parameter');

1
app/Http/Controllers/SettingsController.php
View File

@@ -45,6 +45,7 @@ class SettingsController extends Controller
if (! is_null($setting)) {
return view('settings.edit')->with([
'setting' => $setting,
'value' => $setting->value,
]);
} else {
$route = route('settings.list', []);

2
app/Search.php
View File

@@ -121,7 +121,7 @@ abstract class Search
$output .= '<option value="'.$key.'"'.$selected.'>'.$searchprovider['name'].'</option>';
}
$output .= '</select>';
$output .= '<input type="text" name="q" value="'.(Input::get('q') ?? '').'" class="homesearch" autofocus placeholder="'.__('app.settings.search').'..." />';
$output .= '<input type="text" name="q" value="'.e(Input::get('q') ?? '').'" class="homesearch" autofocus placeholder="'.__('app.settings.search').'..." />';
$output .= '<button type="submit">'.ucwords(__('app.settings.search')).'</button>';
$output .= '</div>';
$output .= '</form>';

4
app/Setting.php
View File

@@ -198,10 +198,10 @@ class Setting extends Model
$value .= '</select>';
break;
case 'textarea':
$value = '<textarea name="value" class="form-control" cols="44" rows="15"></textarea>';
$value = '<textarea name="value" class="form-control" cols="44" rows="15">' . htmlspecialchars($this->value, ENT_QUOTES, 'UTF-8') . '</textarea>';
break;
default:
$value = '<input type="text" name="value" class="form-control" />';
$value = '<input type="text" name="value" class="form-control" value="' . htmlspecialchars($this->value, ENT_QUOTES, 'UTF-8') . '" />';
break;
}

2
config/app.php
View File

@@ -5,7 +5,7 @@ use Illuminate\Support\Facades\Facade;
return [
'version' => '2.7.2',
'version' => '2.7.3',
'appsource' => env('APP_SOURCE', 'https://appslist.heimdall.site/'),