From 6f6904db3fa4921abc92b936dbc50bfdea0cb225 Mon Sep 17 00:00:00 2001
From: Lukas Fleischer <archlinux@cryptocrack.de>
Date: Sun, 19 Feb 2012 04:10:12 +0100
Subject: Fix some more XSS vulnerabilities

Escape strings properly using htmlspecialchars(). Seems like we missed
these in former cleanups. Fixes FS#28515.

Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
---
 web/template/stats/updates_table.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'web/template/stats/updates_table.php')

diff --git a/web/template/stats/updates_table.php b/web/template/stats/updates_table.php
index a8cdf5a..8da6732 100644
--- a/web/template/stats/updates_table.php
+++ b/web/template/stats/updates_table.php
@@ -11,7 +11,7 @@
 <td class="boxSoft">
 <span class="f4"><span class="blue">
 <a href="packages.php?ID=<?php print intval($row["ID"]); ?>">
-<?php print $row["Name"] . ' ' . $row["Version"]; ?>
+<?php print htmlspecialchars($row["Name"]) . ' ' . htmlspecialchars($row["Version"]); ?>
 </a></span></span>
 </td>
 <td class="boxSoft">
-- 
cgit v1.2.3-70-g09d2