From: Brion Vibber
Date: Sat, 24 May 2003 21:07:31 +0000 (+0000)
Subject: Remove non-digit chars from isbn to prevent html insertion attacks
X-Git-Tag: 1.1.0~520
X-Git-Url: http://git.cyclocoop.org/%24image?a=commitdiff_plain;h=586e074ce5072f99c6ea405d44997b80c4bae9f3;p=lhc%2Fweb%2Fwiklou.git

Remove non-digit chars from isbn to prevent html insertion attacks
---
diff --git a/includes/SpecialBooksources.php b/includes/SpecialBooksources.php
index f0017f5f22..b1ae00f545 100644
--- a/includes/SpecialBooksources.php
+++ b/includes/SpecialBooksources.php
@@ -5,7 +5,7 @@ function wfSpecialBooksources() {
- $isbn = $_REQUEST["isbn"];
+ $isbn = preg_replace( '/[^0-9X]/', '', $_REQUEST["isbn"] );
 $bsl = new BookSourceList( $isbn );
 $bsl->show();
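Review bot: The allowlist on the changed `$isbn` line protects only this one entry point; BookSourceList (not visible in the hunk) presumably still writes whatever string it receives into the page, so the fix holds only while every caller remembers to filter first. Escaping the value where it is emitted, for example with `htmlspecialchars()`, or moving the filter into the BookSourceList constructor would make the sink safe on its own. Two smaller points on the same line: a lowercase `x` check digit is stripped instead of normalised, and a missing or array-valued `isbn` parameter goes straight into `preg_replace`, which raises a notice or returns an array. Something like `$raw = isset( $_REQUEST["isbn"] ) && is_string( $_REQUEST["isbn"] ) ? $_REQUEST["isbn"] : '';` followed by `$isbn = preg_replace( '/[^0-9X]/', '', strtoupper( $raw ) );` covers both. The closing brace of wfSpecialBooksources() lies outside the hunk.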