]> git.wh0rd.org - tt-rss.git/blobdiff - classes/pluginhandler.php
git.wh0rd.org / tt-rss.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
force strip_tags() on all user input unless explicitly allowed
[tt-rss.git] / classes / pluginhandler.php
diff --git a/classes/pluginhandler.php b/classes/pluginhandler.php
index 1c9e7aef6e8e37663c65755752268b197bfbe1c3..d10343e095057801bca90d5727760df497845a10 100644 (file)
--- a/classes/pluginhandler.php
+++ b/classes/pluginhandler.php
@@ -5,7 +5,7 @@ class PluginHandler extends Handler_Protected {
        }
 
        function catchall($method) {
-               $plugin = PluginHost::getInstance()->get_plugin($_REQUEST["plugin"]);
+               $plugin = PluginHost::getInstance()->get_plugin(clean($_REQUEST["plugin"]));
 
                if ($plugin) {
                        if (method_exists($plugin, $method)) {
web-based news feed (RSS/Atom) reader and aggregator; see https://tt-rss.org/