diff options
| author | Lukas Fleischer <archlinux@cryptocrack.de> | 2012-02-19 04:10:12 +0100 |
|---|---|---|
| committer | Lukas Fleischer <archlinux@cryptocrack.de> | 2012-02-19 04:48:31 +0100 |
| commit | 6f6904db3fa4921abc92b936dbc50bfdea0cb225 (patch) | |
| tree | d1d0fe4126c7fb64eda3095bf2b8b10be0b80343 /web/template/stats | |
| parent | e53b91fe52be262d94a45769814c1e87c796988b (diff) | |
| download | aur-6f6904db3fa4921abc92b936dbc50bfdea0cb225.tar.gz aur-6f6904db3fa4921abc92b936dbc50bfdea0cb225.tar.xz | |
Fix some more XSS vulnerabilities
Escape strings properly using htmlspecialchars(). Seems like we missed
these in former cleanups. Fixes FS#28515.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Diffstat (limited to 'web/template/stats')
| -rw-r--r-- | web/template/stats/updates_table.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/web/template/stats/updates_table.php b/web/template/stats/updates_table.php index a8cdf5aa..8da67320 100644 --- a/web/template/stats/updates_table.php +++ b/web/template/stats/updates_table.php @@ -11,7 +11,7 @@ <td class="boxSoft"> <span class="f4"><span class="blue"> <a href="packages.php?ID=<?php print intval($row["ID"]); ?>"> -<?php print $row["Name"] . ' ' . $row["Version"]; ?> +<?php print htmlspecialchars($row["Name"]) . ' ' . htmlspecialchars($row["Version"]); ?> </a></span></span> </td> <td class="boxSoft"> |