]> git.wh0rd.org - tt-rss.git/blobdiff - classes/backend.php
git.wh0rd.org / tt-rss.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
force strip_tags() on all user input unless explicitly allowed
[tt-rss.git] / classes / backend.php
diff --git a/classes/backend.php b/classes/backend.php
index c9a595b86ca17b1e33f3ddc943dace9dc81b60dd..d5d0f5a01ba1b94e9fa2c6ceb57019c091837b6d 100644 (file)
--- a/classes/backend.php
+++ b/classes/backend.php
@@ -84,7 +84,7 @@ class Backend extends Handler {
        }
 
        function help() {
-               $topic = basename($_REQUEST["topic"]);
+               $topic = basename(clean($_REQUEST["topic"]));
 
                switch ($topic) {
                case "main":
web-based news feed (RSS/Atom) reader and aggregator; see https://tt-rss.org/