author | Andreas Gohr <andi@splitbrain.org> | 2008-05-04 18:31:49 +0200 |
---|---|---|
committer | Andreas Gohr <andi@splitbrain.org> | 2008-05-04 18:31:49 +0200 |
commit | ebbef3b12bf9150995d42ebb1bb170b38169b443 (patch) | |
tree | bc6882a79ac01b69a6c01820af8e82fadbace724 | |
parent | 0265c2046291f04cccff5234f3b9d47630d77192 (diff) | |
download | rpg-ebbef3b12bf9150995d42ebb1bb170b38169b443.tar.gz rpg-ebbef3b12bf9150995d42ebb1bb170b38169b443.tar.bz2 |
fix for possible XSS vulnerability in html_revisions()
darcs-hash:20080504163149-7ad00-807016f20298b25c1a3df2040b051c02e6ce2d91.gz
-rw-r--r-- | inc/html.php | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/inc/html.php b/inc/html.php
index 9ba00b58d..ba4e54d8c 100644
--- a/inc/html.php
+++ b/inc/html.php
@@ -431,9 +431,9 @@ function html_revisions($first=0){
 print '<a class="wikilink1" href="'.wl($ID).'">'.$ID.'</a> ';
 print ' – ';
- print $INFO['sum'];
+ print htmlspecialchars($INFO['sum']);
 print ' <span class="user">';
- print (empty($INFO['editor']))?('('.$lang['external_edit'].')'):$INFO['editor'];
+ print (empty($INFO['editor']))?('('.$lang['external_edit'].')'):htmlspecialchars($INFO['editor']);
 print '</span> ';
 print '('.$lang['current'].')';
@@ -477,7 +477,7 @@ function html_revisions($first=0){
 print htmlspecialchars($info['sum']);
 print ' <span class="user">';
 if($info['user']){
- print $info['user'];
+ print htmlspecialchars($info['user']);
 }else{
 print $info['ip'];
 }
@@ -571,7 +571,7 @@ function html_recent($first=0){
 print ' <span class="user">';
 if($recent['user']){
- print $recent['user'];
+ print htmlspecialchars($recent['user']);
 }else{
 print $recent['ip'];
 }  |
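Review bot: In the first hunk the context line `print '<a class="wikilink1" href="'.wl($ID).'">'.$ID.'</a> ';` still writes `$ID` into the page as raw link text, while the summary and editor printed right after it are now encoded. If `$ID` is not guaranteed to be normalised to a safe character set before html_revisions() runs (that is not visible in this diff), the link text should be encoded the same way, `.htmlspecialchars($ID).'</a> ';`. Whether `wl()` encodes its result for an attribute context is also not visible here and is worth confirming. The body of html_revisions() starts and ends outside the hunk.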
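Review bot: The `else` branches in the second and third hunks still print `$info['ip']` (html_revisions) and `$recent['ip']` (html_recent) without encoding, so the fix covers the user name but leaves the field beside it raw. If the stored address can originate from a client-supplied value such as a forwarding header (not visible in this diff), it needs the same treatment: `print htmlspecialchars($info['ip']);` and `print htmlspecialchars($recent['ip']);`. Encoding every changelog-derived value where it is printed is also easier to audit than deciding field by field which ones are trusted. Both functions continue outside the hunks.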