Escape all output strings in the header and footer

Escape each output string using htmlspecialchars(). These aren't
exploitable; it's still better to escape them properly.

Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Lukas Fleischer 2012-02-19 04:49:54 +01:00
parent 6f6904db3f
commit 19789c3f75
2 changed files with 4 additions and 4 deletions

@ -2,7 +2,7 @@
<!-- End of main content -->
<?php
if ($ver) {
echo "<div class=\"pgbox version\">$ver</div>";
echo "<div class=\"pgbox version\">" . htmlspecialchars($ver) . "</div>";
}
?>
</body>
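
Review bot: the new htmlspecialchars($ver) call in the version div passes only one argument, so quote handling and charset fall back to the PHP defaults. That is enough here because $ver lands in element content, but passing the flags and the encoding explicitly, for example htmlspecialchars($ver, ENT_QUOTES, 'UTF-8') with the charset the page is actually served in, would keep the escaping correct if this pattern is later copied into an attribute value or run under a different default charset.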