From 60bcda3564dd3e2f9d74a0980b95290f373e6817 Mon Sep 17 00:00:00 2001
From: rub <rub@piwigo.org>
Date: Wed, 3 Jan 2007 23:28:09 +0000
Subject: Fixed: HTML vulnerability (Cross Site Scripting)

git-svn-id: http://piwigo.org/svn/trunk@1696 68402e56-0260-453c-a942-63ccdbb3a9ee
---
 admin/user_list.php | 2 +-
 comments.php        | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/admin/user_list.php b/admin/user_list.php
index 101c4df7a..69d46e6d2 100644
--- a/admin/user_list.php
+++ b/admin/user_list.php
@@ -477,7 +477,7 @@ $template->assign_vars(
     'U_HELP' => PHPWG_ROOT_PATH.'popuphelp.php?page=user_list',
 
     'F_ADD_ACTION' => $base_url,
-    'F_USERNAME' => @$_GET['username'],
+    'F_USERNAME' => @htmlentities($_GET['username']),
     'F_FILTER_ACTION' => PHPWG_ROOT_PATH.'admin.php'
     ));
 
diff --git a/comments.php b/comments.php
index 771d23ea7..5f043d58c 100644
--- a/comments.php
+++ b/comments.php
@@ -193,8 +193,8 @@ $template->assign_vars(
     'L_COMMENT_TITLE' => $title,
 
     'F_ACTION'=>PHPWG_ROOT_PATH.'comments.php',
-    'F_KEYWORD'=>@$_GET['keyword'],
-    'F_AUTHOR'=>@$_GET['author'],
+    'F_KEYWORD'=>@htmlentities($_GET['keyword']),
+    'F_AUTHOR'=>@htmlentities($_GET['author']),
 
     'U_HOME' => make_index_url(),
     )
-- 
cgit v1.2.3