[Lsb-messages] /var/www/bzr/lsb/devel/dbadmin r249: Don't trust passed-in LSB version.
Jeff Licquia
licquia at linuxfoundation.org
Wed May 16 22:59:29 UTC 2012
------------------------------------------------------------
revno: 249
committer: Jeff Licquia <licquia at linuxfoundation.org>
branch nick: dbadmin
timestamp: Wed 2012-05-16 18:59:29 -0400
message:
Don't trust passed-in LSB version.
modified:
cookie.inc
-------------- next part --------------
=== modified file 'cookie.inc'
--- a/cookie.inc 2012-04-18 08:11:35 +0000
+++ b/cookie.inc 2012-05-16 22:59:29 +0000
@@ -41,7 +41,7 @@
global $TargetDistros;
if( isset($_REQUEST['changever']) and $_REQUEST['changever'] != "" ) {
- $lsbversion = $_REQUEST['changever'];
+ $lsbversion = htmlspecialchars($_REQUEST['changever']);
setcookie("LSBVersion",$_REQUEST['changever']);
}
else {
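Review bot: The unchanged context line `setcookie("LSBVersion",$_REQUEST['changever']);` still writes the raw request value into the cookie, so only the current request's `$lsbversion` is escaped and the cookie carries the unescaped string forward. Set the cookie from the same checked value that is assigned to `$lsbversion`. Note also that `htmlspecialchars()` is HTML output encoding, not validation: with its default flags on PHP versions before 8.1 it leaves single quotes unescaped, and it offers no protection if `$lsbversion` is used anywhere other than HTML output. If the valid LSB versions form a known set, check `changever` against that allowlist (or a strict version pattern) before assigning it, reject or ignore anything else, and apply escaping at the point of output.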