Fixed: HTML vulnerability (Cross Site Scripting)
git-svn-id: http://piwigo.org/svn/trunk@1696 68402e56-0260-453c-a942-63ccdbb3a9ee
This commit is contained in:
parent
aa5f1e3358
commit
60bcda3564
2 changed files with 3 additions and 3 deletions
|
@ -477,7 +477,7 @@ $template->assign_vars(
|
|||
'U_HELP' => PHPWG_ROOT_PATH.'popuphelp.php?page=user_list',
|
||||
|
||||
'F_ADD_ACTION' => $base_url,
|
||||
'F_USERNAME' => @$_GET['username'],
|
||||
'F_USERNAME' => @htmlentities($_GET['username']),
|
||||
'F_FILTER_ACTION' => PHPWG_ROOT_PATH.'admin.php'
|
||||
));
|
||||
|
||||
|
|
|
@ -193,8 +193,8 @@ $template->assign_vars(
|
|||
'L_COMMENT_TITLE' => $title,
|
||||
|
||||
'F_ACTION'=>PHPWG_ROOT_PATH.'comments.php',
|
||||
'F_KEYWORD'=>@$_GET['keyword'],
|
||||
'F_AUTHOR'=>@$_GET['author'],
|
||||
'F_KEYWORD'=>@htmlentities($_GET['keyword']),
|
||||
'F_AUTHOR'=>@htmlentities($_GET['author']),
|
||||
|
||||
'U_HOME' => make_index_url(),
|
||||
)
|
||||
|
|
Loading…
Add table
Reference in a new issue