Control: tags -1 + patch Attached is a patch that prevents the XSS flaws previously mentioned.
Regards, Daniel
Index: common-html.php
===================================================================
--- common-html.php (revision 3261)
+++ common-html.php (working copy)
@@ -398,7 +398,7 @@
{
if (($key == 'login') or ($key == 'package') or ($key == 'gpg_key'))
{
- $action .= html_input_hidden($key,$_GET[$key]);
+ $action .= html_input_hidden($key,htmlspecialchars($_GET[$key]));
}
}
return $action;
signature.asc
Description: OpenPGP digital signature
