From 586e074ce5072f99c6ea405d44997b80c4bae9f3 Mon Sep 17 00:00:00 2001
From: Brion Vibber
Date: Sat, 24 May 2003 21:07:31 +0000
Subject: [PATCH] Remove non-digit chars from isbn to prevent html insertion attacks

---
 includes/SpecialBooksources.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/includes/SpecialBooksources.php b/includes/SpecialBooksources.php
index f0017f5f22..b1ae00f545 100644
--- a/includes/SpecialBooksources.php
+++ b/includes/SpecialBooksources.php
@@ -5,7 +5,7 @@ function wfSpecialBooksources() {
- $isbn = $_REQUEST["isbn"];
+ $isbn = preg_replace( '/[^0-9X]/', '', $_REQUEST["isbn"] );
 $bsl = new BookSourceList( $isbn );
 $bsl->show();
--
2.20.1
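Review bot: The added `preg_replace()` line assumes `$_REQUEST["isbn"]` is present and is a string; if the parameter is missing, or is sent as an array (`isbn[]=…`), the call receives null or returns an array, and that value is passed to `BookSourceList` as-is. I would normalise the type before filtering, e.g. `$raw = isset( $_REQUEST["isbn"] ) && is_string( $_REQUEST["isbn"] ) ? $_REQUEST["isbn"] : '';` followed by `$isbn = preg_replace( '/[^0-9X]/', '', $raw );`. The pattern also drops a lowercase `x` check digit, which may or may not be intended. The place where `$isbn` is written into the page is outside this hunk (presumably `BookSourceList::show()`), so it is worth confirming that the value is HTML-escaped there as well and the protection does not rest on this one input filter; the body of `wfSpecialBooksources()` continues past the hunk.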