From 4161e147969a3445ffd84dcd10b99baaee523bce Mon Sep 17 00:00:00 2001
From: canyonknight
Date: Tue, 6 Nov 2012 17:13:45 -0500
Subject: pkg_details.php: Fix potential XSS for package names and dep conditions

Package names and dep conditions can be specially crafted for an XSS attack. Properly sanitize these variables on the package details page. In addition, avoid including dep conditions as part of a package link.

Signed-off-by: canyonknight
Signed-off-by: Lukas Fleischer
---
 web/template/pkg_details.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/web/template/pkg_details.php b/web/template/pkg_details.php
index cdf2764c..b5d8a9f6 100644
--- a/web/template/pkg_details.php
+++ b/web/template/pkg_details.php
@@ -190,9 +190,9 @@ if ($row["MaintainerUID"]):
 # darr: (DepName, DepCondition, PackageID), where ID is NULL if it didn't exist if (!is_null($darr[2])): ?> -
  • +
  • -
  • +
  •
@@ -206,7 +206,7 @@ if ($row["MaintainerUID"]):
 # darr: (PackageName, PackageID) while (list($k, $darr) = each($requiredby)): ?> -
  • +
  • -- cgit v1.2.3-24-g4f1b
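Review bot: The two `# darr:` comments kept as context (the dependency loop at `@@ -190,9` and the required-by loop at `@@ -206,7`) describe the tuple layout but not that its string fields can be crafted, which per the commit message is the reason for this change. I would extend them, e.g. `# darr: (PackageName, PackageID); PackageName can be crafted, so escape it at output`, so a later edit to these list items does not drop the escaping. The added lines are not legible on this page, so it cannot be confirmed from here that the name is encoded separately for the link target and for the link text; that is worth checking in the file. Both loops begin and end outside the hunks.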