Filter for xss

collectiveaccess · Apr 26, 2022 · a4c89c5 · a4c89c5
1 parent 8f24c10
commit a4c89c5
Showing 1 changed file with 3 additions and 3 deletions.
diff --git a/app/controllers/lookup/DisplayTemplateController.php b/app/controllers/lookup/DisplayTemplateController.php
@@ -7,7 +7,7 @@
  * ----------------------------------------------------------------------
  *
  * Software by Whirl-i-Gig (http://www.whirl-i-gig.com)
- * Copyright 2011-2015 Whirl-i-Gig
+ * Copyright 2011-2022 Whirl-i-Gig
  *
  * For more information visit http://www.CollectiveAccess.org
  *
@@ -30,7 +30,7 @@
 class DisplayTemplateController extends ActionController {
 	# -------------------------------------------------------
 	public function Get() {
-		$ps_template = $this->getRequest()->getParameter('template', pString);
+		$ps_template = $this->getRequest()->getParameter('template', pString, 'GET', ['purify' => true, 'urldecode' => false]);
 		$ps_table = $this->getRequest()->getParameter('table', pString);
 		$pn_id = $this->getRequest()->getParameter('id', pString);
 
@@ -42,7 +42,7 @@ public function Get() {
 		if(!($t_instance->load($pn_id))) {
 			return false;
 		}
-
+		
 		print @$t_instance->getWithTemplate($ps_template);
 	}
 	# -------------------------------------------------------