external/aurweb
0
0
Fork 0
mirror of https://gitlab.archlinux.org/archlinux/aurweb.git synced 2025-02-03 10:43:03 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Fix XSS vulnerabilities in "web/html/voters.php".

Browse source 
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
This commit is contained in:
Lukas Fleischer 2011-03-30 11:10:16 +02:00
parent 55eb55a75f
commit 2eb45e7d9e
1 changed files with 2 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
web/html/voters.php
View file

@ -13,7 +13,7 @@ function getvotes($pkgid) {
$SID = $_COOKIE['AURSID']; $SID = $_COOKIE['AURSID'];
$pkgid = $_GET['ID']; $pkgid = intval($_GET['ID']);
$votes = getvotes($pkgid); $votes = getvotes($pkgid);
$account = account_from_sid($SID); $account = account_from_sid($SID);
@ -29,7 +29,7 @@ if ($account == 'Trusted User' || $account == 'Developer') {
$username = $row['Username']; $username = $row['Username'];
?> ?>
<a href="account.php?Action=AccountInfo&amp;ID=<?php echo $uid ?>"> <a href="account.php?Action=AccountInfo&amp;ID=<?php echo $uid ?>">
<?php echo $username ?></a><br /> <?php echo htmlspecialchars($username) ?></a><br />
<?php <?php
} }
?> ?>