Skip to content
This repository has been archived by the owner on Aug 21, 2020. It is now read-only.

Commit

Permalink
Fixed security issue with google spellchecker
Browse files Browse the repository at this point in the history
  • Loading branch information
@spocke
spocke committed Nov 16, 2012
1 parent 1a147c5 commit 2291018
Show file tree
Hide file tree
Showing 2 changed files with 4 additions and 0 deletions.
2 changes: 2 additions & 0 deletions changelog.txt
View file
Original file line number Diff line number Diff line change
@@ -1,3 +1,5 @@
Version 2.0.6.1 (2012-11-16)
Fixed security issue with google spellchecker.
Version 2.0.6 (2011-09-29)
Fixed incorrect position of suggestion menu.
Fixed handling of mispelled words with no suggestions in PSpellShell engine.
Expand Down
2 changes: 2 additions & 0 deletions classes/GoogleSpell.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -51,6 +51,8 @@ function &getSuggestions($lang, $word) {
}

function &_getMatches($lang, $str) {
$lang = preg_replace('/[^a-z\-]/i', '', $lang); // Sanitize, remove everything but a-z or -
$str = preg_replace('/[\x00-\x1F\x7F]/', '', $str); // Sanitize, remove all control characters
$server = "www.google.com";
$port = 443;
$path = "/tbproxy/spell?lang=" . $lang . "&hl=en";
Expand Down

0 comments on commit 2291018

Please sign in to comment.