[Lsb-messages] /var/www/bzr/lsb/devel/dbadmin r244: Fix possible XSS vulnerability (bug #3487)
Denis Silakov
denis.silakov at rosalab.ru
Tue Apr 10 18:14:37 UTC 2012
------------------------------------------------------------
revno: 244
committer: Denis Silakov <denis.silakov at rosalab.ru>
branch nick: dbadmin
timestamp: Tue 2012-04-10 22:14:37 +0400
message:
Fix possible XSS vulnerability (bug #3487)
modified:
commons.inc
-------------- next part --------------
=== modified file 'commons.inc'
--- a/commons.inc 2011-08-29 07:50:40 +0000
+++ b/commons.inc 2012-04-10 18:14:37 +0000
@@ -1213,7 +1213,7 @@
or $param == "offset"
or $param == "nextlet")
) {
- $link.= '&'.$param.'='.$_REQUEST[$param];
+ $link.= '&'.$param.'='.htmlspecialchars($_REQUEST[$param]);
}
}
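Review bot: On the added line, htmlspecialchars() is applied to $_REQUEST[$param] while the value is being appended to $link as a query-string parameter, so the value is HTML-escaped but never URL-encoded. A value containing & comes out as &amp;, which the browser decodes back to & inside an href, and characters such as #, + or a space pass through unchanged, so the request value can still alter the structure of the generated link. Suggest building the query string with urlencode($_REQUEST[$param]) and applying htmlspecialchars($link, ENT_QUOTES) once, at the point where $link is written into the page; that also covers the literal '&' separator, which this line emits unescaped. Called without flags as here, htmlspecialchars() used ENT_COMPAT by default in the PHP versions current in 2012 and leaves single quotes alone, which matters if $link ends up in a single-quoted attribute; the hunk does not show where $link is output, so that is worth checking before closing bug #3487.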