[Lsb-messages] /var/www/bzr/lsb/devel/dbadmin r249: Don't trust passed-in LSB version.

Jeff Licquia licquia at linuxfoundation.org
Wed May 16 22:59:29 UTC 2012


------------------------------------------------------------
revno: 249
committer: Jeff Licquia <licquia at linuxfoundation.org>
branch nick: dbadmin
timestamp: Wed 2012-05-16 18:59:29 -0400
message:
  Don't trust passed-in LSB version.
modified:
  cookie.inc
-------------- next part --------------
=== modified file 'cookie.inc'
--- a/cookie.inc	2012-04-18 08:11:35 +0000
+++ b/cookie.inc	2012-05-16 22:59:29 +0000
@@ -41,7 +41,7 @@
     global $TargetDistros;
 
     if( isset($_REQUEST['changever']) and $_REQUEST['changever'] != "" ) {
-        $lsbversion = $_REQUEST['changever'];
+        $lsbversion = htmlspecialchars($_REQUEST['changever']);
         setcookie("LSBVersion",$_REQUEST['changever']);
     }
     else {
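Review bot: The setcookie("LSBVersion",$_REQUEST['changever']) call right after the changed assignment still stores the raw request value, so only $lsbversion in this branch is escaped. Any code that later reads the LSBVersion cookie gets the untrusted string back. Note also that htmlspecialchars() is HTML output encoding, not input validation. Called without ENT_QUOTES it leaves single quotes untouched, and it does nothing for non-HTML contexts such as a database query. Suggest validating changever once against the set of known LSB versions (or a strict version pattern), rejecting anything else, and using that validated value for both $lsbversion and the cookie. Escaping can then happen where the value is actually written into HTML.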


