summaryrefslogtreecommitdiffstats
path: root/web
diff options
context:
space:
mode:
authorLukas Fleischer <archlinux@cryptocrack.de>2011-03-30 11:10:16 +0200
committerLukas Fleischer <archlinux@cryptocrack.de>2011-03-30 11:10:16 +0200
commit2eb45e7d9ed0c538ff920b3e5243dfd83bc07826 (patch)
treee6e45b13d318d65fb2cd2e70637602256e7afd45 /web
parent55eb55a75faf38586ba646ac7e446db700d11ada (diff)
downloadaur-2eb45e7d9ed0c538ff920b3e5243dfd83bc07826.tar.gz
aur-2eb45e7d9ed0c538ff920b3e5243dfd83bc07826.tar.xz
Fix XSS vulnerabilities in "web/html/voters.php".
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Diffstat (limited to 'web')
-rw-r--r--web/html/voters.php4
1 files changed, 2 insertions, 2 deletions
diff --git a/web/html/voters.php b/web/html/voters.php
index f4d72f40..6a168182 100644
--- a/web/html/voters.php
+++ b/web/html/voters.php
@@ -13,7 +13,7 @@ function getvotes($pkgid) {
$SID = $_COOKIE['AURSID'];
-$pkgid = $_GET['ID'];
+$pkgid = intval($_GET['ID']);
$votes = getvotes($pkgid);
$account = account_from_sid($SID);
@@ -29,7 +29,7 @@ if ($account == 'Trusted User' || $account == 'Developer') {
$username = $row['Username'];
?>
<a href="account.php?Action=AccountInfo&amp;ID=<?php echo $uid ?>">
-<?php echo $username ?></a><br />
+<?php echo htmlspecialchars($username) ?></a><br />
<?php
}
?>