From 3aa2240b7dc281b37716a29025b08baf1318d059 Mon Sep 17 00:00:00 2001
From: Lukas Fleischer <archlinux@cryptocrack.de>
Date: Wed, 30 Mar 2011 10:49:51 +0200
Subject: Fix XSS vulnerabilities in package comment templates.

Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
---
 web/template/pkg_comments.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'web/template/pkg_comments.php')

diff --git a/web/template/pkg_comments.php b/web/template/pkg_comments.php
index 8e64e11..aed9ca8 100644
--- a/web/template/pkg_comments.php
+++ b/web/template/pkg_comments.php
@@ -39,7 +39,7 @@ while (list($indx, $carr) = each($comments)) { ?>
 $count = package_comments_count($_GET['ID']);
 if ($count > 10 && !isset($_GET['comments'])) {
 	echo '<div class="pgbox">';
-	echo '<a href="'. $_SERVER['PHP_SELF'] . '?ID=' . $_REQUEST['ID'] . '&comments=all">'. __('Show all %s comments', $count) . '</a>';
+	echo '<a href="'. $_SERVER['REQUEST_URI'] . '&comments=all">'. __('Show all %s comments', $count) . '</a>';
 	echo '</div>';
 }
 ?>
-- 
cgit v1.2.3-54-g00ecf