diff options
author | rub <rub@piwigo.org> | 2007-01-03 23:27:32 +0000 |
---|---|---|
committer | rub <rub@piwigo.org> | 2007-01-03 23:27:32 +0000 |
commit | d9d37d76c66c8bd5cdccba08ea7bbd050d70f408 (patch) | |
tree | 5cdfc07fc5a9e05216ab8867257607b30d9fbe90 /admin | |
parent | 4c360b36821fcaf56a58b4f1b235ec2ac6826c05 (diff) |
Fixed: HTML vulnerability (Cross Site Scripting).
Fixed: All comments are displayed on comments.php
git-svn-id: http://piwigo.org/svn/branches/branch-1_6@1695 68402e56-0260-453c-a942-63ccdbb3a9ee
Diffstat (limited to 'admin')
-rw-r--r-- | admin/user_list.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/admin/user_list.php b/admin/user_list.php index c1e6fac2c..21ba58806 100644 --- a/admin/user_list.php +++ b/admin/user_list.php @@ -485,7 +485,7 @@ $template->assign_vars( 'U_HELP' => PHPWG_ROOT_PATH.'popuphelp.php?page=user_list', 'F_ADD_ACTION' => $base_url, - 'F_USERNAME' => @$_GET['username'], + 'F_USERNAME' => @htmlentities($_GET['username']), 'F_FILTER_ACTION' => PHPWG_ROOT_PATH.'admin.php' )); |