CVE-2023-0880: fix: added trim to avoid questions with a single space · thorsten/phpMyFAQ@a67dca4
Misinterpretation of Input in GitHub repository thorsten/phpmyfaq prior to 3.1.11.
@@ -317,21 +317,21 @@ $category = new Category($faqConfig); $questionObject = new Question($faqConfig);
$author = Filter::filterInput(INPUT_POST, 'name’, FILTER_UNSAFE_RAW); $email = Filter::filterInput(INPUT_POST, 'email’, FILTER_VALIDATE_EMAIL); $author = trim(Filter::filterInput(INPUT_POST, 'name’, FILTER_UNSAFE_RAW)); $email = trim(Filter::filterInput(INPUT_POST, 'email’, FILTER_VALIDATE_EMAIL)); $faqId = Filter::filterInput(INPUT_POST, 'faqid’, FILTER_VALIDATE_INT); $faqLanguage = Filter::filterInput(INPUT_POST, 'lang’, FILTER_UNSAFE_RAW); $question = Filter::filterInput(INPUT_POST, 'question’, FILTER_UNSAFE_RAW); $question = strip_tags($question); $question = trim(strip_tags($question)); if ($faqConfig->get(‘main.enableWysiwygEditorFrontend’)) { $answer = Filter::filterInput(INPUT_POST, 'answer’, FILTER_SANITIZE_SPECIAL_CHARS); $answer = html_entity_decode($answer); $answer = trim(html_entity_decode($answer)); } else { $answer = Filter::filterInput(INPUT_POST, 'answer’, FILTER_UNSAFE_RAW); $answer = strip_tags($answer); $answer = nl2br($answer); $answer = trim(nl2br($answer)); } $translatedAnswer = Filter::filterInput(INPUT_POST, 'translated_answer’, FILTER_UNSAFE_RAW); $translatedAnswer = trim(Filter::filterInput(INPUT_POST, 'translated_answer’, FILTER_UNSAFE_RAW)); $contentLink = Filter::filterInput(INPUT_POST, 'contentlink’, FILTER_UNSAFE_RAW); $contentLink = Filter::filterVar($contentLink, FILTER_VALIDATE_URL); $keywords = Filter::filterInput(INPUT_POST, 'keywords’, FILTER_UNSAFE_RAW); 
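Review bot: In the non-WYSIWYG branch, `trim(nl2br($answer))` trims after the line breaks have already been turned into markup, so an answer made only of newlines ends up as `<br />` and still looks non-empty; trimming first, `$answer = nl2br(trim($answer));`, closes that gap. More generally, `trim()` with its default character list strips only ASCII whitespace, so a question or answer consisting of non-breaking spaces, or of empty editor markup in the WYSIWYG branch, would presumably still pass whatever emptiness check follows outside this hunk. The e-mail line has a separate ordering problem, here and in the hunk at -478: `trim(Filter::filterInput(INPUT_POST, 'email', FILTER_VALIDATE_EMAIL))` trims the validation result, not the input. If the wrapper behaves like `filter_input`, a failed or missing value (`false`/`null`) becomes `''`, and passing `null` to `trim()` is deprecated since PHP 8.1. An address with surrounding spaces is also still rejected, so it would be cleaner to read the field with `FILTER_UNSAFE_RAW`, trim it, and then call `Filter::filterVar($email, FILTER_VALIDATE_EMAIL)` as is already done for `$contentLink`.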
@@ -478,11 +478,11 @@ $faq = new Faq($faqConfig); $cat = new Category($faqConfig); $categories = $cat->getAllCategories(); $author = Filter::filterInput(INPUT_POST, 'name’, FILTER_UNSAFE_RAW); $email = Filter::filterInput(INPUT_POST, 'email’, FILTER_VALIDATE_EMAIL); $author = trim(Filter::filterInput(INPUT_POST, 'name’, FILTER_UNSAFE_RAW)); $email = trim(Filter::filterInput(INPUT_POST, 'email’, FILTER_VALIDATE_EMAIL)); $ucategory = Filter::filterInput(INPUT_POST, 'category’, FILTER_VALIDATE_INT); $question = Filter::filterInput(INPUT_POST, 'question’, FILTER_UNSAFE_RAW); $question = strip_tags($question); $question = trim(strip_tags($question)); $save = Filter::filterInput(INPUT_POST, 'save’, FILTER_VALIDATE_INT, 0);
// If e-mail address is set to optional