author | Andrew Dolgov <[email protected]> | 2017-12-03 23:35:38 +0300 |
---|---|---|
committer | Andrew Dolgov <[email protected]> | 2017-12-03 23:35:38 +0300 |
commit | e6532439d68234d86176e4d967609d68dd564c1d (patch) | |
tree | 6b5336fc8ea97ab3ecb1db547189b63ae1cd6120 /classes/backend.php | |
parent | 7c6f7bb0aa50f42fd697fbe82dc9b8b5931a3a52 (diff) |
force strip_tags() on all user input unless explicitly allowed
Diffstat (limited to 'classes/backend.php')
-rw-r--r-- | classes/backend.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/classes/backend.php b/classes/backend.php
index c9a595b86..d5d0f5a01 100644
--- a/classes/backend.php
+++ b/classes/backend.php
@@ -84,7 +84,7 @@ class Backend extends Handler {
 }
 function help() {
- $topic = basename($_REQUEST["topic"]);
+ $topic = basename(clean($_REQUEST["topic"]));
 switch ($topic) {
 case "main": |
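Review bot: The new `$topic` assignment in help() still reads `$_REQUEST["topic"]` without checking that the key is set and holds a string. If the parameter is missing or array-valued, what reaches basename() depends on what clean() returns for such input, which is not visible in this hunk. A guard such as `$topic = (isset($_REQUEST["topic"]) && is_string($_REQUEST["topic"])) ? basename(clean($_REQUEST["topic"])) : "";` would make the type explicit before the switch. The order is right as written: clean() runs first and basename() last, so the path-component restriction applies to the final string. It would help to record that in a comment, for example `// strip tags first, basename() last: $topic must stay a single path component`, because tag stripping alone is not a path or allowlist control. The switch body continues outside the hunk, so I cannot tell whether a default branch uses `$topic` beyond the listed cases.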