fixed XSS protection

oscarotero · oscarotero · commit 11ab3ddf33dc · 2015-11-26T17:29:28.000+01:00
diff --git a/demo/index.php b/demo/index.php
@@ -6,12 +6,17 @@
 
 function get($name, $default = '')
 {
-    if($name == 'url') {
-        if(filter_var($_GET['url'], FILTER_VALIDATE_URL)) {
+    if (!isset($_GET[$name])) {
+        return $default;
+    }
+
+    if ($name === 'url') {
+        if (!filter_var($_GET['url'], FILTER_VALIDATE_URL)) {
             return 'http://doNotTryToXSS.invalid';
         }
     }
-    return isset($_GET[$name]) ? $_GET[$name] : $default;
+
+    return $_GET[$name];
 }
 
 function getEscaped($name, $default = '')

Original file line number	Diff line number	Diff line change
`@@ -6,12 +6,17 @@`
`6`	`6`
`7`	`7`	`function get($name, $default = '')`
`8`	`8`	`{`
`9`		`- if($name == 'url') {`
`10`		`- if(filter_var($_GET['url'], FILTER_VALIDATE_URL)) {`
	`9`	`+ if (!isset($_GET[$name])) {`
	`10`	`+ return $default;`
	`11`	`+ }`
	`12`	`+`
	`13`	`+ if ($name === 'url') {`
	`14`	`+ if (!filter_var($_GET['url'], FILTER_VALIDATE_URL)) {`
`11`	`15`	`return 'http://doNotTryToXSS.invalid';`
`12`	`16`	`}`
`13`	`17`	`}`
`14`		`- return isset($_GET[$name]) ? $_GET[$name] : $default;`
	`18`	`+`
	`19`	`+ return $_GET[$name];`
`15`	`20`	`}`
`16`	`21`
`17`	`22`	`function getEscaped($name, $default = '')`