diff options
| author | rub <rub@piwigo.org> | 2007-01-03 23:28:09 +0000 |
|---|---|---|
| committer | rub <rub@piwigo.org> | 2007-01-03 23:28:09 +0000 |
| commit | 60bcda3564dd3e2f9d74a0980b95290f373e6817 (patch) | |
| tree | db91e3861d24b74c3fd28d9ce867c825cf499105 | |
| parent | aa5f1e3358e0123d785755d90d25a5cee340f754 (diff) | |
Fixed: HTML vulnerability (Cross Site Scripting)
git-svn-id: http://piwigo.org/svn/trunk@1696 68402e56-0260-453c-a942-63ccdbb3a9ee
| -rw-r--r-- | admin/user_list.php | 2 | ||||
| -rw-r--r-- | comments.php | 4 |
2 files changed, 3 insertions, 3 deletions
diff --git a/admin/user_list.php b/admin/user_list.php index 101c4df7a..69d46e6d2 100644 --- a/admin/user_list.php +++ b/admin/user_list.php @@ -477,7 +477,7 @@ $template->assign_vars( 'U_HELP' => PHPWG_ROOT_PATH.'popuphelp.php?page=user_list', 'F_ADD_ACTION' => $base_url, - 'F_USERNAME' => @$_GET['username'], + 'F_USERNAME' => @htmlentities($_GET['username']), 'F_FILTER_ACTION' => PHPWG_ROOT_PATH.'admin.php' )); diff --git a/comments.php b/comments.php index 771d23ea7..5f043d58c 100644 --- a/comments.php +++ b/comments.php @@ -193,8 +193,8 @@ $template->assign_vars( 'L_COMMENT_TITLE' => $title, 'F_ACTION'=>PHPWG_ROOT_PATH.'comments.php', - 'F_KEYWORD'=>@$_GET['keyword'], - 'F_AUTHOR'=>@$_GET['author'], + 'F_KEYWORD'=>@htmlentities($_GET['keyword']), + 'F_AUTHOR'=>@htmlentities($_GET['author']), 'U_HOME' => make_index_url(), ) |