author | Lukas Fleischer <archlinux@cryptocrack.de> | 2011-03-30 11:10:16 +0200 |
---|---|---|
committer | Lukas Fleischer <archlinux@cryptocrack.de> | 2011-03-30 11:10:16 +0200 |
commit | 2eb45e7d9ed0c538ff920b3e5243dfd83bc07826 (patch) | |
tree | e6e45b13d318d65fb2cd2e70637602256e7afd45 /web | |
parent | 55eb55a75faf38586ba646ac7e446db700d11ada (diff) | |
download | aur-2eb45e7d9ed0c538ff920b3e5243dfd83bc07826.tar.gz aur-2eb45e7d9ed0c538ff920b3e5243dfd83bc07826.tar.xz |
Fix XSS vulnerabilities in "web/html/voters.php".
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Diffstat (limited to 'web')
-rw-r--r-- | web/html/voters.php | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/web/html/voters.php b/web/html/voters.php
index f4d72f40..6a168182 100644
--- a/web/html/voters.php
+++ b/web/html/voters.php
@@ -13,7 +13,7 @@ function getvotes($pkgid) {
 $SID = $_COOKIE['AURSID'];
-$pkgid = $_GET['ID'];
+$pkgid = intval($_GET['ID']);
 $votes = getvotes($pkgid);
 $account = account_from_sid($SID);
@@ -29,7 +29,7 @@ if ($account == 'Trusted User' || $account == 'Developer') {
 $username = $row['Username'];
 ?>
 <a href="account.php?Action=AccountInfo&ID=<?php echo $uid ?>">
-<?php echo $username ?></a><br />
+<?php echo htmlspecialchars($username) ?></a><br />
 <?php
 }
 ?> |
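Review bot: In the first hunk (`@@ -13,7 +13,7 @@`), `$_GET['ID']` is read without checking that it is set, and `intval()` turns a missing or non-numeric value into 0 and a value such as `12abc` into 12, so malformed requests still reach `getvotes()` instead of being rejected. Validating explicitly, for example `$pkgid = filter_input(INPUT_GET, 'ID', FILTER_VALIDATE_INT);` followed by an early exit when the result is `false` or `null`, would state the intent and avoid the undefined-index notice. The body of `getvotes()` is outside the hunk, so it cannot be confirmed here whether it interpolates `$pkgid` into its query; if it does, this cast is also the only thing keeping that query safe and a short comment such as `// integer cast also protects the query in getvotes()` would help the next maintainer.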
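Review bot: In the second hunk (`@@ -29,7 +29,7 @@`), the context line just above the fix still echoes `$uid` unescaped into the `href` attribute, so the page escapes one of its two dynamic values and not the other. Where `$uid` is assigned is outside the hunk; it is presumably a numeric database id, but casting at the point of output, `<?php echo intval($uid) ?>`, would not rely on that. The new call also depends on the default flags and charset of `htmlspecialchars()`; passing them explicitly, `htmlspecialchars($username, ENT_QUOTES, 'UTF-8')`, keeps the escaping correct if the value is later reused inside a single-quoted attribute or the page encoding differs from the PHP default.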