www/adiumxtras.com 27:38f9d74c9ac8: Quick fix for an XSS with th...
commits at adium.im
Mon Nov 22 19:25:35 UTC 2010
details: http://hg.adium.im/www/adiumxtras.com/rev/38f9d74c9ac8
revision: 27:38f9d74c9ac8
author: Thijs Alkemade <thijsalkemade at gmail.com>
date: Mon Nov 22 20:21:06 2010 +0100
Quick fix for an XSS with the search.
Should have another look at this later, it might be happening more often. Fixes #14633.
diffs (12 lines):
diff -r a4ab4beca4f2 -r 38f9d74c9ac8 search.php
--- a/search.php Sat Oct 30 17:32:43 2010 -0400
+++ b/search.php Mon Nov 22 20:21:06 2010 +0100
@@ -71,7 +71,7 @@
}
if ($keys)
- $smarty->assign("title", sprintf("Categories: %s, Search: %s", $catInfo["cat_name"], $_GET['s']));
+ $smarty->assign("title", sprintf("Categories: %s, Search: %s", $catInfo["cat_name"], htmlspecialchars(stripslashes($_GET['s']))));
else
if ($_GET['user_id'])
$smarty->assign("title", sprintf("Categories: %s, User: %s (%d)", $catInfo["cat_name"], $byUserName, $_GET['user_id']));
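Review bot: the `User:` branch left as context at the end of this hunk still formats `$byUserName` and `$catInfo["cat_name"]` into the same `title` with `%s` and no escaping, while the `+` line escapes only `$_GET['s']`. If either of those values can contain user-supplied text, the title is still injectable on that path. `$_GET['user_id']` is safe there only because `%d` coerces it to an integer. Two smaller points on the `+` line itself. The `stripslashes()` call is unconditional, so it is correct only while magic quotes are enabled; with them off it silently removes legitimate backslashes from the search term, and guarding it with `get_magic_quotes_gpc()` would avoid that. `htmlspecialchars()` is called with its default flags, which leave single quotes unescaped, so passing `ENT_QUOTES` and an explicit charset is safer if the title is ever placed inside an attribute. Since the commit message already expects the problem to recur, escaping once in the template where `title` is printed (Smarty's `escape` modifier) would cover every branch that assigns it, instead of patching each `assign()` call.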