authorLukas Fleischer <archlinux@cryptocrack.de>2012-02-19 04:10:12 +0100
committerLukas Fleischer <archlinux@cryptocrack.de>2012-02-19 04:48:31 +0100
commit6f6904db3fa4921abc92b936dbc50bfdea0cb225 (patch)
treed1d0fe4126c7fb64eda3095bf2b8b10be0b80343 /web/template/header.php
parente53b91fe52be262d94a45769814c1e87c796988b (diff)
downloadaur-6f6904db3fa4921abc92b936dbc50bfdea0cb225.tar.gz
aur-6f6904db3fa4921abc92b936dbc50bfdea0cb225.tar.xz
Fix some more XSS vulnerabilities
Escape strings properly using htmlspecialchars(). Seems like we missed these in former cleanups. Fixes FS#28515. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Diffstat (limited to 'web/template/header.php')
-rw-r--r--web/template/header.php2
1 files changed, 1 insertions, 1 deletions
diff --git a/web/template/header.php b/web/template/header.php
index 8313bb36..578fcb9a 100644
--- a/web/template/header.php
+++ b/web/template/header.php
@@ -4,7 +4,7 @@
<html xmlns="http://www.w3.org/1999/xhtml"
xml:lang="<?php print "$LANG\" lang=\"$LANG"; ?>">
<head>
- <title>AUR (<?php print $LANG; ?>)<?php if ($title != "") { print " - " . $title; } ?></title>
+ <title>AUR (<?php print htmlspecialchars($LANG); ?>)<?php if ($title != "") { print " - " . htmlspecialchars($title); } ?></title>
<link rel='stylesheet' type='text/css' href='css/fonts.css' />
<link rel='stylesheet' type='text/css' href='css/containers.css' />
<link rel='stylesheet' type='text/css' href='css/arch.css' />
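Review bot: The `xml:lang`/`lang` attributes on the `<html>` tag, two lines above the changed `<title>`, still print `$LANG` unescaped, so the value this commit escapes for the title still reaches an attribute context raw. Where `$LANG` is assigned is not visible in this hunk; if it can carry request-derived input, that line needs the same treatment, e.g. `xml:lang="<?php print htmlspecialchars($LANG, ENT_QUOTES); ?>" lang="<?php print htmlspecialchars($LANG, ENT_QUOTES); ?>">`. Checking `$LANG` against the list of supported languages at the point of assignment would cover both output sites at once. The template continues beyond both ends of the hunk, so other prints of `$LANG` or `$title` may exist outside this view.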