external/aurweb
0
0
Fork 0
mirror of https://gitlab.archlinux.org/archlinux/aurweb.git synced 2025-02-03 10:43:03 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Fix some more XSS vulnerabilities

Browse source 
Escape strings properly using htmlspecialchars(). Seems like we missed
these in former cleanups. Fixes FS#28515.

Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
This commit is contained in:
Lukas Fleischer 2012-02-19 04:10:12 +01:00
parent e53b91fe52
commit 6f6904db3f
3 changed files with 3 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

2
web/template/header.php
View file

@ -4,7 +4,7 @@
<html xmlns="http://www.w3.org/1999/xhtml"
xml:lang="<?php print "$LANG\" lang=\"$LANG"; ?>">
<head>
<title>AUR (<?php print $LANG; ?>)<?php if ($title != "") { print " - " . $title; } ?></title>
<title>AUR (<?php print htmlspecialchars($LANG); ?>)<?php if ($title != "") { print " - " . htmlspecialchars($title); } ?></title>
<link rel='stylesheet' type='text/css' href='css/fonts.css' />
<link rel='stylesheet' type='text/css' href='css/containers.css' />
<link rel='stylesheet' type='text/css' href='css/arch.css' />