external/aurweb
0
0
Fork 0
mirror of https://gitlab.archlinux.org/archlinux/aurweb.git synced 2025-02-03 10:43:03 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Fix XSS vulnerabilities in package comment templates.

Browse source 
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
This commit is contained in:
Lukas Fleischer 2011-03-30 10:49:51 +02:00
parent 11366b8a1a
commit 3aa2240b7d
2 changed files with 3 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

4
web/template/pkg_comment_form.php
View file

@ -50,14 +50,14 @@ if (isset($_REQUEST['comment'])) {
# Prompt visitor for comment
?>
<div class="pgbox">
<form action='<?php echo $_SERVER['PHP_SELF'] . '?ID=' . $_REQUEST['ID'] ?>' method='post'>
<form action='<?php echo $_SERVER['REQUEST_URI'] ?>' method='post'>
<div style="padding: 1%">
<?php
if (isset($_REQUEST['comment'])) {
echo '<b>' . __('Comment has been added.') . '</b>';
}
?>
<input type='hidden' name='ID' value="<?php echo $_REQUEST['ID'] ?>" />
<input type='hidden' name='ID' value="<?php echo intval($_REQUEST['ID']) ?>" />
<?php echo __('Enter your comment below.') ?><br />
<textarea name='comment' cols='80' rows='10' style="width: 100%"></textarea><br />
<input type='submit' value="<?php echo __("Submit") ?>" />