author | Lukas Fleischer <archlinux@cryptocrack.de> | 2011-03-11 19:15:04 +0100 |
committer | Lukas Fleischer <archlinux@cryptocrack.de> | 2011-03-11 19:15:04 +0100 |
commit | 9b112a56d0e3c93e062d1382527a27fc44518916 (patch) | |
tree | ef9be27f1235fb01562f8adbdf6660a2c45bcce0 /web/template/pkg_search_results.php | |
parent | 7f9e498e48c4e5d056ee988a23dedb8ca98b11cd (diff) | |
download | aurweb-9b112a56d0e3c93e062d1382527a27fc44518916.tar.xz |
Fix XSS vulnerability in package search results and package details.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Diffstat (limited to 'web/template/pkg_search_results.php')
-rw-r--r-- | web/template/pkg_search_results.php | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/web/template/pkg_search_results.php b/web/template/pkg_search_results.php
index 40ad029..d32b6c4 100644
--- a/web/template/pkg_search_results.php
+++ b/web/template/pkg_search_results.php
@@ -56,8 +56,8 @@ for ($i = 0; $row = mysql_fetch_assoc($result); $i++) {
 <?php if ($SID): ?>
 <td class='<?php print $c ?>'><input type='checkbox' name='IDs[<?php print $row["ID"] ?>]' value='1' /></td>
 <?php endif; ?>
-<td class='<?php print $c ?>'><span class='f5'><span class='blue'><?php print $row["Category"] ?></span></span></td>
-<td class='<?php print $c ?>'><span class='f4'><a href='packages.php?ID=<?php print $row["ID"] ?>'><span class='black'><?php print $row["Name"] ?> <?php print $row["Version"] ?></span></a></span></td>
+<td class='<?php print $c ?>'><span class='f5'><span class='blue'><?php print htmlspecialchars($row["Category"]) ?></span></span></td>
+<td class='<?php print $c ?>'><span class='f4'><a href='packages.php?ID=<?php print $row["ID"] ?>'><span class='black'><?php print htmlspecialchars($row["Name"]) ?> <?php print htmlspecialchars($row["Version"]) ?></span></a></span></td>
 <td class='<?php print $c ?>' style="text-align: right"><span class='f5'><span class='blue'><?php print $row["NumVotes"] ?></span></span></td>
 <?php if ($SID): ?>
 <td class='<?php print $c ?>'><span class='f5'><span class='blue'>
@@ -77,7 +77,7 @@ for ($i = 0; $row = mysql_fetch_assoc($result); $i++) {
 <?php print htmlspecialchars($row['Description'], ENT_QUOTES); ?></span></span></td>
 <td class='<?php print $c ?>'><span class='f5'><span class='blue'>
 <?php if (isset($row["Maintainer"])): ?>
-<a href='packages.php?K=<?php print $row['Maintainer'] ?>&SeB=m'><?php print $row['Maintainer'] ?></a>
+<a href='packages.php?K=<?php print htmlspecialchars($row['Maintainer'], ENT_QUOTES) ?>&SeB=m'><?php print htmlspecialchars($row['Maintainer']) ?></a>
 <?php else: ?>
 <span style='color: blue; font-style: italic;'><?php print __("orphan") ?></span>
 <?php endif; ?>
|
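Review bot: In the second hunk, the `K=` query value is HTML-escaped but never URL-encoded, so a maintainer name containing `&`, `=`, `#` or `%` still produces a malformed or redirected search link even though it can no longer break out of the attribute; the value should be URL-encoded first and then attribute-escaped, e.g. `<a href='packages.php?K=<?php print htmlspecialchars(urlencode($row['Maintainer']), ENT_QUOTES) ?>&amp;SeB=m'>`. In the first hunk, `$row["ID"]` (checkbox name and `packages.php?ID=` href) and `$row["NumVotes"]` remain unescaped; these are presumably integer columns, but printing them as `(int)$row["ID"]` / `(int)$row["NumVotes"]` would make that assumption explicit rather than relying on the schema. The new `htmlspecialchars($row["Name"])` and `$row["Version"]` calls use the default flags while the existing Description line uses `ENT_QUOTES`; since this file consistently uses single-quoted attributes, passing `ENT_QUOTES` everywhere would be the safer uniform convention. The enclosing `for` loop begins and ends outside both hunks.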