From 2eb45e7d9ed0c538ff920b3e5243dfd83bc07826 Mon Sep 17 00:00:00 2001
From: Lukas Fleischer <archlinux@cryptocrack.de>
Date: Wed, 30 Mar 2011 11:10:16 +0200
Subject: Fix XSS vulnerabilities in "web/html/voters.php".

Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
---
 web/html/voters.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/web/html/voters.php b/web/html/voters.php
index f4d72f40..6a168182 100644
--- a/web/html/voters.php
+++ b/web/html/voters.php
@@ -13,7 +13,7 @@ function getvotes($pkgid) {
 
 $SID = $_COOKIE['AURSID'];
 
-$pkgid = $_GET['ID'];
+$pkgid = intval($_GET['ID']);
 $votes = getvotes($pkgid);
 $account = account_from_sid($SID);
 
@@ -29,7 +29,7 @@ if ($account == 'Trusted User' || $account == 'Developer') {
 		$username = $row['Username'];
 ?>
 <a href="account.php?Action=AccountInfo&amp;ID=<?php echo $uid ?>">
-<?php echo $username ?></a><br />
+<?php echo htmlspecialchars($username) ?></a><br />
 <?php
 	}
 ?>
-- 
cgit v1.2.3-24-g4f1b