summaryrefslogtreecommitdiffstats
path: root/aurweb/git/__init__.py
diff options
context:
space:
mode:
authorLukas Fleischer <lfleischer@archlinux.org>2017-11-05 11:27:36 +0100
committerLukas Fleischer <lfleischer@archlinux.org>2017-11-05 11:28:11 +0100
commite2fa5ea6fa0bf90043e041c7cfc6fa036834758c (patch)
tree08bd2f9d789a4c8c03982f7f669cd046e131cae8 /aurweb/git/__init__.py
parent4efba18f8688431fae58ae1b826b80f95957aec8 (diff)
downloadaur-e2fa5ea6fa0bf90043e041c7cfc6fa036834758c.tar.gz
aur-e2fa5ea6fa0bf90043e041c7cfc6fa036834758c.tar.xz
login.php: Escape quotes in the referer field
Replace special characters in the referer GET parameter using htmlspecialchars() before inserting it into the login form fields to prevent from XSS attacks. Fixes FS#55286. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Diffstat (limited to 'aurweb/git/__init__.py')
0 files changed, 0 insertions, 0 deletions