From 038bce7870418bb03e87d2177fef301cf984b4aa Mon Sep 17 00:00:00 2001
From: RifeWang
Date: Thu, 18 Feb 2021 22:46:43 +0800
Subject: [PATCH] =?UTF-8?q?fix:=20=E6=90=9C=E7=B4=A2=E5=BC=82=E5=B8=B8?=
 =?UTF-8?q?=E6=97=B6=E5=AF=BC=E8=87=B4=E9=A1=B5=E9=9D=A2=E6=B8=B2=E6=9F=93?=
 =?UTF-8?q?=E5=BC=82=E5=B8=B8,=20=E6=90=9C=E7=B4=A2=E6=A1=86=20XSS=20?=
 =?UTF-8?q?=E6=BC=8F=E6=B4=9E?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 http/controller/search.go | 20 ++++++++++++--------
 1 file changed, 12 insertions(+), 8 deletions(-)

diff --git a/http/controller/search.go b/http/controller/search.go
index 64618ea0..8dffe269 100644
--- a/http/controller/search.go
+++ b/http/controller/search.go
@@ -1,6 +1,8 @@
 package controller
 
 import (
+ "html"
+
 "github.com/studygolang/studygolang/context"
 "github.com/studygolang/studygolang/logic"
 
@@ -31,11 +33,12 @@ func (SearchController) Search(ctx echo.Context) error {
 "q": q,
 "f": field,
 }
- if err == nil {
- uri := "/search?q=" + q + "&f=" + field + "&"
- paginator := logic.NewPaginatorWithPerPage(p, rows)
- data["pageHtml"] = paginator.SetTotal(int64(respBody.NumFound)).GetPageHtml(uri)
+ if err != nil {
+ return render(ctx, "500.html", nil)
 }
+ uri := "/search?q=" + html.EscapeString(q) + "&f=" + field + "&"
+ paginator := logic.NewPaginatorWithPerPage(p, rows)
+ data["pageHtml"] = paginator.SetTotal(int64(respBody.NumFound)).GetPageHtml(uri)
 return render(ctx, "search.html", data)
 }
 
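Review bot: html.EscapeString is the wrong escaper for the value spliced into the pagination URI in Search — it handles an HTML context (`<`, `>`, quotes) but leaves `&`, `=`, `#`, `%` and `+` untouched, and the `&amp;` it emits decodes back to `&` once the browser parses the href, so q can still rewrite the query string, while field (presumably also request-supplied) is concatenated with no escaping at all. Encode each component for its URL position instead, `uri := "/search?q=" + url.QueryEscape(q) + "&f=" + url.QueryEscape(field) + "&"` with `"net/url"` imported; percent-encoded output contains no characters that are meaningful in HTML, assuming GetPageHtml (not visible here) inserts uri verbatim. The TagList hunk below has the same defect and was not touched by this fix, `uri := "/tag/" + q + "?"`, where `url.PathEscape(q)` is the matching change. The new `return render(ctx, "500.html", nil)` branches in both hunks discard err without recording it, and whether render sets a non-200 status cannot be seen from the hunk, so consider logging err before returning. Search's body starts before the hunk.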
@@ -60,11 +63,12 @@ func (SearchController) TagList(ctx echo.Context) error {
 "users": users,
 "nodes": nodes,
 }
- if err == nil {
- uri := "/tag/" + q + "?"
- paginator := logic.NewPaginatorWithPerPage(p, rows)
- data["pageHtml"] = paginator.SetTotal(int64(respBody.NumFound)).GetPageHtml(uri)
+ if err != nil {
+ return render(ctx, "500.html", nil)
 }
+ uri := "/tag/" + q + "?"
+ paginator := logic.NewPaginatorWithPerPage(p, rows)
+ data["pageHtml"] = paginator.SetTotal(int64(respBody.NumFound)).GetPageHtml(uri)
 return render(ctx, "feed/tag.html", data)
 }
 