From 3aa2240b7dc281b37716a29025b08baf1318d059 Mon Sep 17 00:00:00 2001 From: Lukas Fleischer Date: Wed, 30 Mar 2011 10:49:51 +0200 Subject: Fix XSS vulnerabilities in package comment templates. Signed-off-by: Lukas Fleischer --- web/template/pkg_comment_form.php | 4 ++-- web/template/pkg_comments.php | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/web/template/pkg_comment_form.php b/web/template/pkg_comment_form.php index 346fb6a8..72ad3fa3 100644 --- a/web/template/pkg_comment_form.php +++ b/web/template/pkg_comment_form.php @@ -50,14 +50,14 @@ if (isset($_REQUEST['comment'])) { # Prompt visitor for comment ?>
-
' method='post'> + ' method='post'>
' . __('Comment has been added.') . ''; } ?> - +

" /> diff --git a/web/template/pkg_comments.php b/web/template/pkg_comments.php index 8e64e11a..aed9ca8b 100644 --- a/web/template/pkg_comments.php +++ b/web/template/pkg_comments.php @@ -39,7 +39,7 @@ while (list($indx, $carr) = each($comments)) { ?> $count = package_comments_count($_GET['ID']); if ($count > 10 && !isset($_GET['comments'])) { echo ''; } ?> -- cgit v1.2.3-24-g4f1b