From 6f6904db3fa4921abc92b936dbc50bfdea0cb225 Mon Sep 17 00:00:00 2001
From: Lukas Fleischer <archlinux@cryptocrack.de>
Date: Sun, 19 Feb 2012 04:10:12 +0100
Subject: Fix some more XSS vulnerabilities

Escape strings properly using htmlspecialchars(). Seems like we missed
these in former cleanups. Fixes FS#28515.

Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
---
 web/template/pkg_details.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'web/template/pkg_details.php')

diff --git a/web/template/pkg_details.php b/web/template/pkg_details.php
index 880a675..046f836 100644
--- a/web/template/pkg_details.php
+++ b/web/template/pkg_details.php
@@ -69,7 +69,7 @@ $out_of_date_time = ($row["OutOfDateTS"] == 0) ? $msg : gmdate("r", intval($row[
 
 	<p>
 	<span class='f2'><?php echo htmlspecialchars($row['Name']) . ' ' . htmlspecialchars($row['Version']) ?></span><br />
-	<span class='f3'><a href="<?php echo htmlspecialchars($row['URL'], ENT_QUOTES) . '">' . $row['URL'] ?></a></span><br />
+	<span class='f3'><a href="<?php echo htmlspecialchars($row['URL'], ENT_QUOTES) . '">' . htmlspecialchars($row['URL']) ?></a></span><br />
 	<span class='f3'><?php echo htmlspecialchars($row['Description'], ENT_QUOTES); ?></span>
 	</p>
 
-- 
cgit v1.2.3-70-g09d2