summaryrefslogtreecommitdiffstats
path: root/web/template/pkg_details.php
diff options
context:
space:
mode:
authorLukas Fleischer <archlinux@cryptocrack.de>2012-02-19 04:10:12 +0100
committerLukas Fleischer <archlinux@cryptocrack.de>2012-02-19 04:48:31 +0100
commit6f6904db3fa4921abc92b936dbc50bfdea0cb225 (patch)
treed1d0fe4126c7fb64eda3095bf2b8b10be0b80343 /web/template/pkg_details.php
parente53b91fe52be262d94a45769814c1e87c796988b (diff)
downloadaurweb-6f6904db3fa4921abc92b936dbc50bfdea0cb225.tar.xz
Fix some more XSS vulnerabilities
Escape strings properly using htmlspecialchars(). Seems like we missed these in former cleanups. Fixes FS#28515. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Diffstat (limited to 'web/template/pkg_details.php')
-rw-r--r--web/template/pkg_details.php2
1 files changed, 1 insertions, 1 deletions
diff --git a/web/template/pkg_details.php b/web/template/pkg_details.php
index 880a675..046f836 100644
--- a/web/template/pkg_details.php
+++ b/web/template/pkg_details.php
@@ -69,7 +69,7 @@ $out_of_date_time = ($row["OutOfDateTS"] == 0) ? $msg : gmdate("r", intval($row[
<p>
<span class='f2'><?php echo htmlspecialchars($row['Name']) . ' ' . htmlspecialchars($row['Version']) ?></span><br />
- <span class='f3'><a href="<?php echo htmlspecialchars($row['URL'], ENT_QUOTES) . '">' . $row['URL'] ?></a></span><br />
+ <span class='f3'><a href="<?php echo htmlspecialchars($row['URL'], ENT_QUOTES) . '">' . htmlspecialchars($row['URL']) ?></a></span><br />
<span class='f3'><?php echo htmlspecialchars($row['Description'], ENT_QUOTES); ?></span>
</p>