Merge branch '950-quicktips-search-query-not-properly-escaped' into 'development'

Resolve "Quicktips Search Query Not Properly Escaped" Closes #950 See merge request !1558

Merge branch '950-quicktips-search-query-not-properly-escaped' into 'development'
Resolve "Quicktips Search Query Not Properly Escaped" Closes #950 See merge request !1558
d494e5ca · Dominik Hebeler · 84a1090e · ced476e1 · d494e5ca · d494e5ca
Commit d494e5ca authored Apr 02, 2020 by Dominik Hebeler
Hide whitespace changes
Inline Side-by-side

Showing with 7 additions and 2 deletions

app/Http/Controllers/MetaGerSearch.php app/Http/Controllers/MetaGerSearch.php +6 -1

routes/web.php routes/web.php +1 -1

No files found.
--- a/app/Http/Controllers/MetaGerSearch.php
+++ b/app/Http/Controllers/MetaGerSearch.php
@@ -267,8 +267,13 @@ class MetaGerSearch extends Controller
            ->with('tips', $tips);
    }

-    public function quicktips($search)
+    public function quicktips(Request $request)
    {
+        $search = $request->input('search', '');
+        if(empty($search)){
+            abort(404);
+        }
+
        $quicktips = new \App\Models\Quicktips\Quicktips($search);
        return view('quicktips')
            ->with('quicktips', $quicktips->getResults())

--- a/routes/web.php
+++ b/routes/web.php
@@ -196,7 +196,7 @@ Route::group(
        Route::get('pluginClose', 'LogController@pluginClose');
        Route::get('pluginInstall', 'LogController@pluginInstall');

-        Route::get('qt/{eingabe}', 'MetaGerSearch@quicktips');
+        Route::get('qt', 'MetaGerSearch@quicktips');
        Route::get('tips', 'MetaGerSearch@tips');
        Route::get('/plugins/opensearch.xml', 'StartpageController@loadPlugin');
        Route::get('owi', function () {