tracker.php parameter sanitizing (#1212)

2025-08-21 22:03:49 -07:00 · 2023-12-17 15:29:17 +04:00 · 2023-12-17 15:29:17 +04:00 · d28094006f
commit d28094006f
parent 8d20a79bc7
1 changed files with 1 additions and 1 deletions
--- a/tracker.php
+++ b/tracker.php
@ -43,7 +43,7 @@ $start = isset($_REQUEST['start']) ? abs((int)$_REQUEST['start']) : 0;
 $set_default = isset($_GET['def']);
 $user_id = $userdata['user_id'];
 $lastvisit = (!IS_GUEST) ? $userdata['user_lastvisit'] : '';
-$search_id = (isset($_GET['search_id']) && is_string($_GET['search_id'])) ? $_GET['search_id'] : '';
+$search_id = (isset($_GET['search_id']) && is_string($_GET['search_id'])) ? DB()->escape($_GET['search_id']) : '';
 $session_id = $userdata['session_id'];

 $status = $_POST['status'] ?? false;