Fix XSS vulnerabilities in "web/html/voters.php".

Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
author: Lukas Fleischer <archlinux@cryptocrack.de> 2011-03-30 11:10:16 +0200
committer: Lukas Fleischer <archlinux@cryptocrack.de> 2011-03-30 11:10:16 +0200
commit: 2eb45e7d9ed0c538ff920b3e5243dfd83bc07826 (patch)
tree: e6e45b13d318d65fb2cd2e70637602256e7afd45 /web/html/voters.php
parent: 55eb55a75faf38586ba646ac7e446db700d11ada (diff)
download: aurweb-2eb45e7d9ed0c538ff920b3e5243dfd83bc07826.tar.xz
1 files changed, 2 insertions, 2 deletions
diff --git a/web/html/voters.php b/web/html/voters.php
index f4d72f4..6a16818 100644
--- a/web/html/voters.php
+++ b/web/html/voters.php
@@ -13,7 +13,7 @@ function getvotes($pkgid) {
 
 $SID = $_COOKIE['AURSID'];
 
-$pkgid = $_GET['ID'];
+$pkgid = intval($_GET['ID']);
 $votes = getvotes($pkgid);
 $account = account_from_sid($SID);
 
@@ -29,7 +29,7 @@ if ($account == 'Trusted User' || $account == 'Developer') {
 		$username = $row['Username'];
 ?>
 <a href="account.php?Action=AccountInfo&amp;ID=<?php echo $uid ?>">
-<?php echo $username ?></a><br />
+<?php echo htmlspecialchars($username) ?></a><br />
 <?php
 	}
 ?>
author	Lukas Fleischer <archlinux@cryptocrack.de>	2011-03-30 11:10:16 +0200
committer	Lukas Fleischer <archlinux@cryptocrack.de>	2011-03-30 11:10:16 +0200
commit	2eb45e7d9ed0c538ff920b3e5243dfd83bc07826 (patch)
tree	e6e45b13d318d65fb2cd2e70637602256e7afd45 /web/html/voters.php
parent	55eb55a75faf38586ba646ac7e446db700d11ada (diff)
download	aurweb-2eb45e7d9ed0c538ff920b3e5243dfd83bc07826.tar.xz