Changes in [2741:014e6f1fedce:2742:8382f97c65e2]
Files: 4 edited
.hgtags
r2714 r2742 20 20 1f8978ee39fc70bf9a6c345cf3b550722b819173 2.6.2 21 21 121f94747a10af7f58a88c00537eafc4e0d29685 2.6.3 22 80d565483595acca5b1d9e149aa8a2a9fe5983a6 2.6.4 -
CHANGELOG
r2718 r2742 1 Dotclear 2.6.4 - 2014-08-18 2 =========================================================== 3 * Security fix: Sanitize search request. Thanks to Takayuki Uchiyama 4 * Security fix: Strenghened xmlrpc (see http://www.breaksec.com/?p=6362) 5 1 6 Dotclear 2.6.3 - 2014-05-16 2 7 =========================================================== -
admin/search.php
r2720 r2742 29 29 if ($q) 30 30 { 31 $q = html::escapeHTML($q); 32 31 33 $params = array(); 32 34 … … 94 96 '<form action="'.$core->adminurl->get("admin.search").'" method="get">'. 95 97 '<div class="fieldset"><h3>'.__('Search options').'</h3>'. 96 '<p><label for="q">'.__('Query:').' </label>'.form::field('q',30,255, html::escapeHTML($q)).'</p>'.98 '<p><label for="q">'.__('Query:').' </label>'.form::field('q',30,255,$q).'</p>'. 97 99 '<p><label for="qtype1" class="classic">'.form::radio(array('qtype','qtype1'),'p',$qtype == 'p').' '.__('Search in entries').'</label> '. 98 100 '<label for="qtype2" class="classic">'.form::radio(array('qtype','qtype2'),'c',$qtype == 'c').' '.__('Search in comments').'</label></p>'. -
admin/xmlrpc.php
r2566 r2730 27 27 } 28 28 29 # Avoid plugins warnings, set a default blog 30 $core->setBlog($blog_id); 31 29 32 # Loading plugins 30 33 $core->plugins->loadModules(DC_PLUGINS_ROOT);
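Review bot: In the CHANGELOG hunk, "Strenghened" on new line 4 is misspelled (it should read "Strengthened"), and that entry only links to an external post without saying what was changed in xmlrpc. Suggest fixing the spelling and adding a short description of the change, as the search entry on line 3 does, so the release notes remain useful if the link stops resolving.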
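Review bot: In admin/search.php, the new `$q = html::escapeHTML($q);` at line 31 overwrites the request value just before `$params = array();` is built, so every later use of `$q` in this block sees the entity-encoded string rather than what the user typed. If `$q` is also the value handed to the search through `$params`, terms containing `&`, `<`, `>` or quotes will no longer match as entered. Suggest leaving `$q` raw for the lookup and keeping the escaped form in a separate variable used only for output (a hypothetical `$q_html`, for instance).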
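Review bot: In admin/search.php at new line 98, `form::field('q',30,255,$q)` drops the `html::escapeHTML()` call that used to sit at the output point, so the field is only safe because of the assignment at line 31, which runs only inside `if ($q)` and is more than sixty lines away. Suggest keeping the escape at the point of output, or at minimum adding a comment at line 98 stating that `$q` is already escaped, so a later refactor of the top block does not silently bring back unescaped output in the query field.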
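Review bot: In admin/xmlrpc.php, `$core->setBlog($blog_id);` at new line 30 uses `$blog_id` with no check visible in this hunk that it is set and refers to an existing blog, and the plugins are loaded immediately afterwards whatever the outcome. Please confirm that `$blog_id` is validated earlier in the file, and consider stopping before `loadModules()` when the blog cannot be resolved. The comment "Avoid plugins warnings, set a default blog" also reads as a cosmetic change; if this is the xmlrpc hardening listed in the CHANGELOG, the comment should state the security reason.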