From 9b112a56d0e3c93e062d1382527a27fc44518916 Mon Sep 17 00:00:00 2001
From: Lukas Fleischer <archlinux@cryptocrack.de>
Date: Fri, 11 Mar 2011 19:15:04 +0100
Subject: Fix XSS vulnerability in package search results and package details.

Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
---
 web/template/pkg_search_results.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'web/template/pkg_search_results.php')

diff --git a/web/template/pkg_search_results.php b/web/template/pkg_search_results.php
index 40ad029f..d32b6c4a 100644
--- a/web/template/pkg_search_results.php
+++ b/web/template/pkg_search_results.php
@@ -56,8 +56,8 @@ for ($i = 0; $row = mysql_fetch_assoc($result); $i++) {
 	<?php if ($SID): ?>
 	<td class='<?php print $c ?>'><input type='checkbox' name='IDs[<?php print $row["ID"] ?>]' value='1' /></td>
 	<?php endif; ?>
-	<td class='<?php print $c ?>'><span class='f5'><span class='blue'><?php print $row["Category"] ?></span></span></td>
-	<td class='<?php print $c ?>'><span class='f4'><a href='packages.php?ID=<?php print $row["ID"] ?>'><span class='black'><?php print $row["Name"] ?> <?php print $row["Version"] ?></span></a></span></td>
+	<td class='<?php print $c ?>'><span class='f5'><span class='blue'><?php print htmlspecialchars($row["Category"]) ?></span></span></td>
+	<td class='<?php print $c ?>'><span class='f4'><a href='packages.php?ID=<?php print $row["ID"] ?>'><span class='black'><?php print htmlspecialchars($row["Name"]) ?> <?php print htmlspecialchars($row["Version"]) ?></span></a></span></td>
 	<td class='<?php print $c ?>' style="text-align: right"><span class='f5'><span class='blue'><?php print $row["NumVotes"] ?></span></span></td>
 	<?php if ($SID): ?>
 	<td class='<?php print $c ?>'><span class='f5'><span class='blue'>
@@ -77,7 +77,7 @@ for ($i = 0; $row = mysql_fetch_assoc($result); $i++) {
 	<?php print htmlspecialchars($row['Description'], ENT_QUOTES); ?></span></span></td>
 	<td class='<?php print $c ?>'><span class='f5'><span class='blue'>
 	<?php if (isset($row["Maintainer"])): ?>
-	<a href='packages.php?K=<?php print $row['Maintainer'] ?>&amp;SeB=m'><?php print $row['Maintainer'] ?></a>
+	<a href='packages.php?K=<?php print htmlspecialchars($row['Maintainer'], ENT_QUOTES) ?>&amp;SeB=m'><?php print htmlspecialchars($row['Maintainer']) ?></a>
 	<?php else: ?>
 	<span style='color: blue; font-style: italic;'><?php print __("orphan") ?></span>
 	<?php endif; ?>
-- 
cgit v1.2.3-24-g4f1b