external/aurweb
0
0
Fork 0
mirror of https://gitlab.archlinux.org/archlinux/aurweb.git synced 2025-02-03 10:43:03 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Fix XSS vulnerabilities in package comment templates.

Browse source 
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
This commit is contained in:
Lukas Fleischer 2011-03-30 10:49:51 +02:00
parent 11366b8a1a
commit 3aa2240b7d
2 changed files with 3 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

2
web/template/pkg_comments.php
View file

@ -39,7 +39,7 @@ while (list($indx, $carr) = each($comments)) { ?>
$count = package_comments_count($_GET['ID']);
if ($count > 10 && !isset($_GET['comments'])) {
echo '<div class="pgbox">';
echo '<a href="'. $_SERVER['PHP_SELF'] . '?ID=' . $_REQUEST['ID'] . '&comments=all">'. __('Show all %s comments', $count) . '</a>';
echo '<a href="'. $_SERVER['REQUEST_URI'] . '&comments=all">'. __('Show all %s comments', $count) . '</a>';
echo '</div>';
}
?>