authorpjmattal <pjmattal>2005-04-22 03:55:35 +0000
committerpjmattal <pjmattal>2005-04-22 03:55:35 +0000
commit7246c45eb391d144ece17f27bd7f026fa64ca2de (patch)
treea3a2ece43b3def233cb330ac331ec95554c111f3
parent890e26ca23be2a1a94bca4a803e074806a0228a1 (diff)
downloadaurweb-7246c45eb391d144ece17f27bd7f026fa64ca2de.tar.xz
added strip_tags() and htmlspecialchars() to improve comments safety
-rw-r--r--web/lib/pkgfuncs.inc2
1 files changed, 1 insertions, 1 deletions
diff --git a/web/lib/pkgfuncs.inc b/web/lib/pkgfuncs.inc
index 3c72f8a..9e1a912 100644
--- a/web/lib/pkgfuncs.inc
+++ b/web/lib/pkgfuncs.inc
@@ -403,7 +403,7 @@ function package_details($id=0) {
print "</span>";
print "<tr><td class='boxSoft'>";
print "<code>\n";
- print str_replace('"',"&quot;", stripslashes($carr["Comments"]));
+ print str_replace('"',"&quot;", htmlspecialchars(strip_tags(stripslashes($carr["Comments"]))));
print "</code>\n";
print "</td></tr>\n";
print "</table>\n";
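Review bot: On the added line, both `strip_tags()` and the outer `str_replace('"',"&quot;", …)` are redundant once `htmlspecialchars()` runs, and `strip_tags()` is also lossy. With its default flags `htmlspecialchars()` already encodes `<`, `>`, `&` and `"`, so no raw double quote is left for `str_replace` to find. `strip_tags()` silently drops any comment text that merely looks like markup (for example a pasted `<stdio.h>` include or a shell redirect), and an unclosed `<` can remove the rest of the comment. Escaping alone is the right control for this `<code>` element context; passing `ENT_QUOTES` also covers single quotes in case the value is later reused inside a single-quoted attribute such as the `class='boxSoft'` style used here: `print htmlspecialchars(stripslashes($carr["Comments"]), ENT_QUOTES);`. The body of `package_details()` starts and ends outside this hunk, so other places that print `$carr` fields could not be checked from here and should get the same output escaping.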