[appdb] fix 2 cross site scripting issues
Marcus Meissner
marcus at jet.franken.de
Sat Dec 18 12:49:04 CST 2004
Hi,
2 typical cross site scripting problems...
Ciao, Marcus
Changelog:
Fix 2 cross site scripting problems.
Index: account.php
===================================================================
RCS file: /home/wine/appdb/account.php,v
retrieving revision 1.6
diff -u -r1.6 account.php
--- account.php 13 Dec 2004 03:50:02 -0000 1.6
+++ account.php 18 Dec 2004 19:35:25 -0000
@@ -169,7 +169,7 @@
}
else
{
- addmsg("Sorry, that username (".$_POST['ext_username'].") does not exist.", "red");
+ addmsg("Sorry, that username (". urlencode($_POST['ext_username']) .") does not exist.", "red");
}
redirect(apidb_fullurl("account.php?cmd=login"));
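Review bot: on the changed addmsg() line, urlencode() is a URL encoder rather than an HTML encoder, so a username containing a space or punctuation is shown back to the user as "+" and "%xx" sequences in the error message. If the message text ends up in HTML output, htmlspecialchars($_POST['ext_username']) is the encoder that matches that context, and it keeps the name readable while still neutralising markup characters.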
Index: search.php
===================================================================
RCS file: /home/wine/appdb/search.php,v
retrieving revision 1.4
diff -u -r1.4 search.php
--- search.php 14 Dec 2004 02:26:38 -0000 1.4
+++ search.php 18 Dec 2004 19:35:25 -0000
@@ -16,7 +16,7 @@
{
// do something
echo html_frame_start("","98%");
- echo "No matches found for ".$_REQUEST['q']."\n";
+ echo "No matches found for " . urlencode($_REQUEST['q']) . "\n";
echo html_frame_end();
}
else
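Review bot: the changed echo in search.php writes the query into the page body, which is an HTML context, but urlencode() encodes for URLs, so a multi-word search is reported as "foo+bar" and other characters appear as "%xx". Use htmlspecialchars($_REQUEST['q']) here instead; it escapes the characters that matter for HTML and leaves the search term displayed as the user typed it.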