@larcher
Created March 13, 2014 20:49
Fix to prevent JavaScript injection in Custom Google Search (v1.2) WordPress plugin
--- custom-google-search.php.orig 2014-03-13 15:37:59.185879551 -0500
+++ custom-google-search.php 2014-03-13 15:38:43.309881189 -0500
@@ -195,7 +195,7 @@
if ( isset( $args['search_text'] ) )
$search_text = '
///run search by query
- customSearchControl.execute("' . $_REQUEST['s'] . '");';
+ customSearchControl.execute("' . get_search_query() . '");';
else
$search_text = '';
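Review bot: the added `get_search_query()` call is concatenated into a double-quoted JavaScript string literal (`customSearchControl.execute("...")`), but by default that function escapes its result for an HTML attribute context (`esc_attr`), not for JavaScript. A backslash is left untouched, and quotes arrive as HTML entities that a script block does not decode, so the string handed to `execute()` can differ from what the user typed. Suggest taking the unescaped value and encoding it for the context it lands in, for example `esc_js( get_search_query( false ) )`.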
@@ -330,9 +330,8 @@
$arg = array();
- if ( isset( $_REQUEST['s'] ) && '' != $_REQUEST['s'] )
$args = array(
- 'search_text' => $_REQUEST['s']
+ 'search_text' => get_search_query()
);
$search_box = $this->generate_search_box( $args );
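Review bot: dropping the `if ( isset( $_REQUEST['s'] ) && '' != $_REQUEST['s'] )` guard means `'search_text'` is now always set in `$args`, so the `isset( $args['search_text'] )` test in the first hunk is always true and `customSearchControl.execute("")` is emitted even when there is no search term. Keep an emptiness check on the new value, for example `if ( '' != get_search_query() )`, before building `$args`. Separately, the context line initialises `$arg` while the following lines assign and pass `$args`; that mismatch is worth fixing in the same patch.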