From 61e004c204ff10e19c1e059323f1f40c95b9e296 Mon Sep 17 00:00:00 2001
From: Michael Larabel
Date: Sun, 26 Jun 2022 15:12:27 -0500
Subject: [PATCH] pts-core: Local result viewer filter out any excess characters passed to comparison ID forwarder
---
 pts-core/static/dynamic-result-viewer/index.php | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/pts-core/static/dynamic-result-viewer/index.php b/pts-core/static/dynamic-result-viewer/index.php
index 56c6a05994..df674ee740 100644
--- a/pts-core/static/dynamic-result-viewer/index.php
+++ b/pts-core/static/dynamic-result-viewer/index.php
@@ -42,6 +42,12 @@
 if(isset($_REQUEST['checkbox_compare_results']))
 {
+ foreach($_REQUEST['checkbox_compare_results'] as &$inp)
+ {
+ // Remove any possible garbage since the result identifiers should just have alpha num and dashes anyhow...
+ $inp = preg_replace('/[^\w-]/', '', $inp);
+ }
+
 echo '';
 exit;
 }
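Review bot: The added `foreach` only filters when `$_REQUEST['checkbox_compare_results']` is a flat array of strings. A scalar value makes `foreach` warn and skip the loop, so the value reaches the forwarding `echo` unfiltered, and a nested array element goes through `preg_replace()` and comes back as an array. Checking the shape first would close that gap, e.g. `if(!is_array($_REQUEST['checkbox_compare_results'])) { exit; }` before the loop and `if(!is_string($inp)) { $inp = ''; continue; }` as its first statement. The by-reference loop variable should be released with `unset($inp);` after the loop, and the comment could mention that `\w` also lets `_` through. The string emitted by the `echo` is not visible on this page, so it could not be checked whether the identifiers are also encoded for their output context; the character filter is best kept as defence in depth next to that encoding.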