mirror of
https://github.com/Piwigo/Piwigo.git
synced 2026-07-05 09:22:21 +02:00
fixes GHSA-7379-w44f-mfw4 and fixes GHSA-8g2g-6f2c-6h7j protect tag name from XSS
This commit is contained in:
@@ -2365,6 +2365,9 @@ function get_extents($start='')
|
|||||||
*/
|
*/
|
||||||
function create_tag($tag_name)
|
function create_tag($tag_name)
|
||||||
{
|
{
|
||||||
|
// clean the tag, no html/js allowed in tag name
|
||||||
|
$tag_name = strip_tags($tag_name);
|
||||||
|
|
||||||
// does the tag already exists?
|
// does the tag already exists?
|
||||||
$query = '
|
$query = '
|
||||||
SELECT id
|
SELECT id
|
||||||
|
|||||||
Reference in New Issue
Block a user