fix(widget handler): sanitize width and height

YesWiki · Oct 5, 2021 · 45f9b84 · 45f9b84
1 parent df42b08
commit 45f9b84
Showing 1 changed file with 6 additions and 2 deletions.
diff --git a/tools/templates/handlers/page/widget.php b/tools/templates/handlers/page/widget.php
@@ -5,8 +5,12 @@
     die("acc&egrave;s direct interdit");
 }
 
-$width = (isset($_GET['width'])) ? $_GET['width'] : '100%';
-$height = (isset($_GET['height'])) ? $_GET['height'] : 700;
+$width = $_GET['width'] ?? '100%';
+$height = $_GET['height'] ?? 700;
+
+// sanitize 
+$width = (preg_match('/^[0-9]+(%|[a-z]{2})?$/m',$width)) ? $width : '100%';
+$height = (preg_match('/^[0-9]+(%|[a-z]{2})?$/m',$height)) ? $height : 700;
 
 echo $this->Header();
 echo "<h2>"._t('TEMPLATE_WIDGET_TITLE')."</h2>";