From 7246c45eb391d144ece17f27bd7f026fa64ca2de Mon Sep 17 00:00:00 2001
From: pjmattal <pjmattal>
Date: Fri, 22 Apr 2005 03:55:35 +0000
Subject: added strip_tags() and htmlspecialchars() to improve comments safety

---
 web/lib/pkgfuncs.inc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'web')

diff --git a/web/lib/pkgfuncs.inc b/web/lib/pkgfuncs.inc
index 3c72f8a..9e1a912 100644
--- a/web/lib/pkgfuncs.inc
+++ b/web/lib/pkgfuncs.inc
@@ -403,7 +403,7 @@ function package_details($id=0) {
 					print "</span>";
 					print "<tr><td class='boxSoft'>";
 					print "<code>\n";
-					print str_replace('"',"&quot;", stripslashes($carr["Comments"]));
+					print str_replace('"',"&quot;", htmlspecialchars(strip_tags(stripslashes($carr["Comments"]))));
 					print "</code>\n";
 					print "</td></tr>\n";
 					print "</table>\n";
-- 
cgit v1.2.3-54-g00ecf