authorcanyonknight <canyonknight@gmail.com>2012-11-06 23:13:45 +0100
committerLukas Fleischer <archlinux@cryptocrack.de>2012-11-07 00:59:28 +0100
commit4161e147969a3445ffd84dcd10b99baaee523bce (patch)
tree9dc0be96647e35bf10f2ca02104bc3628647f5ec
parent630f1cbae8473fb05e5f5af7244eccc60fe93812 (diff)
downloadaur-4161e147969a3445ffd84dcd10b99baaee523bce.tar.gz
aur-4161e147969a3445ffd84dcd10b99baaee523bce.tar.xz
pkg_details.php: Fix potential XSS for package names and dep conditions
Package names and dep conditions can be specially crafted for an XSS attack. Properly sanitize these variables on the package details page. In addition, avoid including dep conditions as part of a package link. Signed-off-by: canyonknight <canyonknight@gmail.com> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
-rw-r--r--web/template/pkg_details.php6
1 files changed, 3 insertions, 3 deletions
diff --git a/web/template/pkg_details.php b/web/template/pkg_details.php
index cdf2764c..b5d8a9f6 100644
--- a/web/template/pkg_details.php
+++ b/web/template/pkg_details.php
@@ -190,9 +190,9 @@ if ($row["MaintainerUID"]):
# darr: (DepName, DepCondition, PackageID), where ID is NULL if it didn't exist
if (!is_null($darr[2])):
?>
- <li><a href="<?= htmlspecialchars(get_pkg_uri($darr[0]), ENT_QUOTES); ?>" title="<?= __('View packages details for').' '.$darr[0].$darr[1]?>"><?= $darr[0].$darr[1]?></a></li>
+ <li><a href="<?= htmlspecialchars(get_pkg_uri($darr[0]), ENT_QUOTES); ?>" title="<?= __('View packages details for').' '. htmlspecialchars($darr[0]) ?>"><?= htmlspecialchars($darr[0]) ?></a><?= htmlspecialchars($darr[1]) ?></li>
<?php else: ?>
- <li><a href="https://www.archlinux.org/packages/?q=<?= urlencode($darr[0])?>" title="<?= __('View packages details for').' '.$darr[0].$darr[1] ?>"><?= $darr[0].$darr[1] ?></a></li>
+ <li><a href="https://www.archlinux.org/packages/?q=<?= urlencode($darr[0])?>" title="<?= __('View packages details for').' ' . htmlspecialchars($darr[0]) ?>"><?= htmlspecialchars($darr[0]) ?></a><?= htmlspecialchars($darr[1]) ?></li>
<?php endif; ?>
<?php endwhile; ?>
</ul>
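Review bot: The new `htmlspecialchars($darr[0])` calls inside the `title="…"` attributes on the two added `<li>` lines rely on the default flag set, while the `href` on the same line already passes `ENT_QUOTES` explicitly; the escaping in one attribute context should match the other, i.e. `title="<?= __('View packages details for').' '.htmlspecialchars($darr[0], ENT_QUOTES) ?>"` (and likewise in the second branch). With the default flags only `"` is encoded, which is sufficient while the attribute stays double-quoted, but it breaks silently if anyone later switches to single quotes, and the explicit flag documents the intent. The same applies to the added line in the second hunk (`@@ -206,7 +206,7`). Depending on the PHP version this template runs under, the default charset for `htmlspecialchars()` may be ISO-8859-1 rather than UTF-8; passing `'UTF-8'` as the third argument would make the escaping independent of that — worth confirming against the project's baseline.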
@@ -206,7 +206,7 @@ if ($row["MaintainerUID"]):
# darr: (PackageName, PackageID)
while (list($k, $darr) = each($requiredby)):
?>
- <li><a href="<?= htmlspecialchars(get_pkg_uri($darr[0]), ENT_QUOTES); ?>" title="<?= __('View packages details for').' '.$darr[0]?>"><?= $darr[0] ?></a></li>
+ <li><a href="<?= htmlspecialchars(get_pkg_uri($darr[0]), ENT_QUOTES); ?>" title="<?= __('View packages details for').' ' . htmlspecialchars($darr[0]) ?>"><?= htmlspecialchars($darr[0]) ?></a></li>
<?php endwhile; ?>
</ul>
<?php endif; ?>