Fixed: HTML vulnerability (Cross Site Scripting)

git-svn-id: http://piwigo.org/svn/trunk@1696 68402e56-0260-453c-a942-63ccdbb3a9ee
This commit is contained in:
rub 2007-01-03 23:28:09 +00:00
parent aa5f1e3358
commit 60bcda3564
2 changed files with 3 additions and 3 deletions

View file

@ -477,7 +477,7 @@ $template->assign_vars(
'U_HELP' => PHPWG_ROOT_PATH.'popuphelp.php?page=user_list',
'F_ADD_ACTION' => $base_url,
'F_USERNAME' => @$_GET['username'],
'F_USERNAME' => @htmlentities($_GET['username']),
'F_FILTER_ACTION' => PHPWG_ROOT_PATH.'admin.php'
));

View file

@ -193,8 +193,8 @@ $template->assign_vars(
'L_COMMENT_TITLE' => $title,
'F_ACTION'=>PHPWG_ROOT_PATH.'comments.php',
'F_KEYWORD'=>@$_GET['keyword'],
'F_AUTHOR'=>@$_GET['author'],
'F_KEYWORD'=>@htmlentities($_GET['keyword']),
'F_AUTHOR'=>@htmlentities($_GET['author']),
'U_HOME' => make_index_url(),
)