summaryrefslogtreecommitdiffstats
path: root/web/template/pkg_search_results.php
diff options
context:
space:
mode:
authorLukas Fleischer <archlinux@cryptocrack.de>2011-03-11 19:15:04 +0100
committerLukas Fleischer <archlinux@cryptocrack.de>2011-03-11 19:15:04 +0100
commit9b112a56d0e3c93e062d1382527a27fc44518916 (patch)
treeef9be27f1235fb01562f8adbdf6660a2c45bcce0 /web/template/pkg_search_results.php
parent7f9e498e48c4e5d056ee988a23dedb8ca98b11cd (diff)
downloadaurweb-9b112a56d0e3c93e062d1382527a27fc44518916.tar.xz
Fix XSS vulnerability in package search results and package details.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Diffstat (limited to 'web/template/pkg_search_results.php')
-rw-r--r--web/template/pkg_search_results.php6
1 files changed, 3 insertions, 3 deletions
diff --git a/web/template/pkg_search_results.php b/web/template/pkg_search_results.php
index 40ad029..d32b6c4 100644
--- a/web/template/pkg_search_results.php
+++ b/web/template/pkg_search_results.php
@@ -56,8 +56,8 @@ for ($i = 0; $row = mysql_fetch_assoc($result); $i++) {
<?php if ($SID): ?>
<td class='<?php print $c ?>'><input type='checkbox' name='IDs[<?php print $row["ID"] ?>]' value='1' /></td>
<?php endif; ?>
- <td class='<?php print $c ?>'><span class='f5'><span class='blue'><?php print $row["Category"] ?></span></span></td>
- <td class='<?php print $c ?>'><span class='f4'><a href='packages.php?ID=<?php print $row["ID"] ?>'><span class='black'><?php print $row["Name"] ?> <?php print $row["Version"] ?></span></a></span></td>
+ <td class='<?php print $c ?>'><span class='f5'><span class='blue'><?php print htmlspecialchars($row["Category"]) ?></span></span></td>
+ <td class='<?php print $c ?>'><span class='f4'><a href='packages.php?ID=<?php print $row["ID"] ?>'><span class='black'><?php print htmlspecialchars($row["Name"]) ?> <?php print htmlspecialchars($row["Version"]) ?></span></a></span></td>
<td class='<?php print $c ?>' style="text-align: right"><span class='f5'><span class='blue'><?php print $row["NumVotes"] ?></span></span></td>
<?php if ($SID): ?>
<td class='<?php print $c ?>'><span class='f5'><span class='blue'>
@@ -77,7 +77,7 @@ for ($i = 0; $row = mysql_fetch_assoc($result); $i++) {
<?php print htmlspecialchars($row['Description'], ENT_QUOTES); ?></span></span></td>
<td class='<?php print $c ?>'><span class='f5'><span class='blue'>
<?php if (isset($row["Maintainer"])): ?>
- <a href='packages.php?K=<?php print $row['Maintainer'] ?>&amp;SeB=m'><?php print $row['Maintainer'] ?></a>
+ <a href='packages.php?K=<?php print htmlspecialchars($row['Maintainer'], ENT_QUOTES) ?>&amp;SeB=m'><?php print htmlspecialchars($row['Maintainer']) ?></a>
<?php else: ?>
<span style='color: blue; font-style: italic;'><?php print __("orphan") ?></span>
<?php endif; ?>