From 372428d02a08e90b3a253ba5c506cda84581a5af Mon Sep 17 00:00:00 2001
From: Thorsten Rinne <thorsten@phpmyfaq.de>
Date: Fri, 21 Oct 2022 12:59:11 +0200
Subject: [PATCH] fix: add missing check on special characters for page ID

---
 phpmyfaq/admin/ajax.config.php | 4 ++--
 phpmyfaq/admin/meta.edit.php   | 2 +-
 phpmyfaq/admin/meta.php        | 2 +-
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/phpmyfaq/admin/ajax.config.php b/phpmyfaq/admin/ajax.config.php
index 84131b79d7..7c72fba29a 100644
--- a/phpmyfaq/admin/ajax.config.php
+++ b/phpmyfaq/admin/ajax.config.php
@@ -203,8 +203,8 @@
         $entity = new MetaEntity();
 
         $entity
-            ->setPageId(Filter::filterInput(INPUT_GET, 'page_id', FILTER_UNSAFE_RAW))
-            ->setType(Filter::filterInput(INPUT_GET, 'type', FILTER_UNSAFE_RAW))
+            ->setPageId(Filter::filterInput(INPUT_GET, 'page_id', FILTER_SANITIZE_SPECIAL_CHARS))
+            ->setType(Filter::filterInput(INPUT_GET, 'type', FILTER_SANITIZE_SPECIAL_CHARS))
             ->setContent(Filter::filterInput(INPUT_GET, 'content', FILTER_SANITIZE_SPECIAL_CHARS));
 
         $metaId = $meta->add($entity);
diff --git a/phpmyfaq/admin/meta.edit.php b/phpmyfaq/admin/meta.edit.php
index 5aa9bcc3a7..a9ea66bea0 100644
--- a/phpmyfaq/admin/meta.edit.php
+++ b/phpmyfaq/admin/meta.edit.php
@@ -56,7 +56,7 @@
   <div class="form-group row">
     <label for="page_id" class="col-sm-2 col-form-label"><?= $PMF_LANG['ad_meta_page_id'] ?></label>
     <div class="col-sm-10">
-      <input type="text" class="form-control" name="page_id" value="<?= $metaData->getPageId() ?>" required>
+      <input type="text" class="form-control" name="page_id" maxlength="48" value="<?= $metaData->getPageId() ?>" required>
     </div>
   </div>
 
diff --git a/phpmyfaq/admin/meta.php b/phpmyfaq/admin/meta.php
index 8607c22195..ed5e7b466d 100644
--- a/phpmyfaq/admin/meta.php
+++ b/phpmyfaq/admin/meta.php
@@ -135,7 +135,7 @@
           <div class="form-group row">
             <label for="page_id" class="col-sm-2 col-form-label"><?= $PMF_LANG['ad_meta_page_id'] ?></label>
             <div class="col-sm-10">
-              <input type="text" class="form-control" id="page_id" required>
+              <input type="text" class="form-control" id="page_id" maxlength="48" required>
             </div>
           </div>