diff --git a/src/include/functions_common.php b/src/include/functions_common.php index 548b7c9..b0a7fa0 100644 --- a/src/include/functions_common.php +++ b/src/include/functions_common.php @@ -1341,7 +1341,7 @@ function OutputDebugMessage($szDbg, $szDbgLevel = DEBUG_INFO) "DBGLEVEL" => $szDbgLevel, "DBGLEVELTXT" => GetDebugModeString($szDbgLevel), "DBGLEVELBG" => GetDebugBgColor($szDbgLevel), - "DBGMSG" => "$szDbg" + "DBGMSG" => strip_dangerous_html_tags($szDbg) ); } @@ -1954,6 +1954,43 @@ function MultiSortArrayByItemCountAsc( $arrayFirst, $arraySecond ) // Move up or down return ($arrayFirst['itemcount'] < $arraySecond['itemcount']) ? -1 : 1; } -// --- +/** +* Helper function to remove dangerous HTML Tags +*/ +function strip_dangerous_html_tags( $text ) +{ + $text = preg_replace( + array( + // Remove invisible content + '@]*?>@siu', + '@@siu', + '@]*?>@siu', + '@@siu', + '@]*?>@siu', + '@@siu', + '@]*?>@siu', + '@/script>@siu', + '@]*?>@siu', + '@@siu', + '@]*?>@siu', + '@@siu', + '@]*?>@siu', + '@@siu', + '@]*?>@siu', + '@@siu', + '@]*?>@siu', + '@@siu', + '@]*?>@siu', + '@@siu', + ), + array( + ' ', ' ', ' ', ' ', ' ', ' ', ' ', ' ', ' ', + ' ', ' ', ' ', ' ', ' ', ' ', ' ', ' ', ' ', + ), $text ); + + return $text; +} + +// --- ?> \ No newline at end of file diff --git a/src/index.php b/src/index.php index ba84b5a..2f41b3f 100644 --- a/src/index.php +++ b/src/index.php @@ -197,8 +197,8 @@ if ( (isset($_POST['search']) || isset($_GET['search'])) || (isset($_POST['filte $content['TITLE'] = InitPageTitle(); // Append custom title part! -if ( isset($content['searchstr']) && strlen($content['searchstr']) > 0 ) - $content['TITLE'] .= " :: Results for the search '" . $content['searchstr'] . "'"; // Append search +if ( isset($content['searchstr_htmlform']) && strlen($content['searchstr_htmlform']) > 0 ) + $content['TITLE'] .= " :: Results for the search '" . $content['searchstr_htmlform'] . "'"; // Append search else $content['TITLE'] .= " :: All Syslogmessages"; // --- END CREATE TITLE