From 3aa2240b7dc281b37716a29025b08baf1318d059 Mon Sep 17 00:00:00 2001
From: Lukas Fleischer <archlinux@cryptocrack.de>
Date: Wed, 30 Mar 2011 10:49:51 +0200
Subject: Fix XSS vulnerabilities in package comment templates.

Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
---
 web/template/pkg_comment_form.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'web/template/pkg_comment_form.php')

diff --git a/web/template/pkg_comment_form.php b/web/template/pkg_comment_form.php
index 346fb6a..72ad3fa 100644
--- a/web/template/pkg_comment_form.php
+++ b/web/template/pkg_comment_form.php
@@ -50,14 +50,14 @@ if (isset($_REQUEST['comment'])) {
 	# Prompt visitor for comment
 ?>
 <div class="pgbox">
-	<form action='<?php echo $_SERVER['PHP_SELF'] . '?ID=' . $_REQUEST['ID'] ?>' method='post'>
+	<form action='<?php echo $_SERVER['REQUEST_URI'] ?>' method='post'>
 	<div style="padding: 1%">
 <?php
 if (isset($_REQUEST['comment'])) {
 	echo '<b>' . __('Comment has been added.') . '</b>';
 }
 ?>
-	<input type='hidden' name='ID' value="<?php echo $_REQUEST['ID'] ?>" />
+	<input type='hidden' name='ID' value="<?php echo intval($_REQUEST['ID']) ?>" />
 	<?php echo __('Enter your comment below.') ?><br />
 	<textarea name='comment' cols='80' rows='10' style="width: 100%"></textarea><br />
 	<input type='submit' value="<?php echo __("Submit") ?>" />
-- 
cgit v1.2.3-70-g09d2