aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorrub <rub@piwigo.org>2007-01-03 23:28:09 +0000
committerrub <rub@piwigo.org>2007-01-03 23:28:09 +0000
commit60bcda3564dd3e2f9d74a0980b95290f373e6817 (patch)
treedb91e3861d24b74c3fd28d9ce867c825cf499105
parentaa5f1e3358e0123d785755d90d25a5cee340f754 (diff)
Fixed: HTML vulnerability (Cross Site Scripting)
git-svn-id: http://piwigo.org/svn/trunk@1696 68402e56-0260-453c-a942-63ccdbb3a9ee
-rw-r--r--admin/user_list.php2
-rw-r--r--comments.php4
2 files changed, 3 insertions, 3 deletions
diff --git a/admin/user_list.php b/admin/user_list.php
index 101c4df7a..69d46e6d2 100644
--- a/admin/user_list.php
+++ b/admin/user_list.php
@@ -477,7 +477,7 @@ $template->assign_vars(
'U_HELP' => PHPWG_ROOT_PATH.'popuphelp.php?page=user_list',
'F_ADD_ACTION' => $base_url,
- 'F_USERNAME' => @$_GET['username'],
+ 'F_USERNAME' => @htmlentities($_GET['username']),
'F_FILTER_ACTION' => PHPWG_ROOT_PATH.'admin.php'
));
diff --git a/comments.php b/comments.php
index 771d23ea7..5f043d58c 100644
--- a/comments.php
+++ b/comments.php
@@ -193,8 +193,8 @@ $template->assign_vars(
'L_COMMENT_TITLE' => $title,
'F_ACTION'=>PHPWG_ROOT_PATH.'comments.php',
- 'F_KEYWORD'=>@$_GET['keyword'],
- 'F_AUTHOR'=>@$_GET['author'],
+ 'F_KEYWORD'=>@htmlentities($_GET['keyword']),
+ 'F_AUTHOR'=>@htmlentities($_GET['author']),
'U_HOME' => make_index_url(),
)