Improve URL encoding for pagination links in gallerySection.php

Daniel Neto · Daniel Neto · commit f50fc033b7ad · 2026-05-28T14:52:59.000-03:00
GHSA-hgjh-6wj8-gcgf
diff --git a/plugin/YouTubeAPI/gallerySection.php b/plugin/YouTubeAPI/gallerySection.php
@@ -64,14 +64,14 @@
         }
         if($_GET['page'] > 1 && !empty($object->prevPageToken)){
         ?>
-        <a href="<?php echo "{$global['webSiteRootURL']}page/".($_GET['page']-1)."?pageToken={$object->prevPageToken}&search=".(@$_GET['search']); ?>" class="btn btn-primary btn-sm pull-left">
+        <a href="<?php echo htmlspecialchars("{$global['webSiteRootURL']}page/".(intval($_GET['page'])-1)."?pageToken=".urlencode($object->prevPageToken)."&search=".urlencode(@$_GET['search']), ENT_QUOTES | ENT_HTML5, 'UTF-8'); ?>" class="btn btn-primary btn-sm pull-left">
             <i class="fas fa-angle-double-left"></i> <?php echo __("Previous"); ?>
         </a>
         <?php
         }
         if(!empty($object->nextPageToken)){
         ?>
-        <a href="<?php echo "{$global['webSiteRootURL']}page/".($_GET['page']+1)."?pageToken={$object->nextPageToken}&search=".(@$_GET['search']); ?>" class="btn btn-primary btn-sm pull-right">
+        <a href="<?php echo htmlspecialchars("{$global['webSiteRootURL']}page/".(intval($_GET['page'])+1)."?pageToken=".urlencode($object->nextPageToken)."&search=".urlencode(@$_GET['search']), ENT_QUOTES | ENT_HTML5, 'UTF-8'); ?>" class="btn btn-primary btn-sm pull-right">
             <?php echo __("Next"); ?> <i class="fas fa-angle-double-right"></i>
         </a>
         <?php
@@ -80,4 +80,4 @@
     </div>
     <?php
 }
-?>
+?>
