From 19789c3f759f4162a2eaa4ccc0b6fe0df51957ca Mon Sep 17 00:00:00 2001
From: Lukas Fleischer <archlinux@cryptocrack.de>
Date: Sun, 19 Feb 2012 04:49:54 +0100
Subject: Escape all output strings in the header and footer

Escape each output string using htmlspecialchars(). These aren't
exploitable; it's still better to escape them properly.

Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
---
 web/template/footer.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'web/template/footer.php')

diff --git a/web/template/footer.php b/web/template/footer.php
index 435de5c..0948f68 100644
--- a/web/template/footer.php
+++ b/web/template/footer.php
@@ -2,7 +2,7 @@
 	<!-- End of main content -->
 <?php
 	if ($ver) {
-		echo "<div class=\"pgbox version\">$ver</div>";
+		echo "<div class=\"pgbox version\">" . htmlspecialchars($ver) . "</div>";
 	}
 ?>
 	</body>
-- 
cgit v1.2.3-54-g00ecf