Fixed: HTML vulnerability (Cross Site Scripting)

git-svn-id: http://piwigo.org/svn/trunk@1696 68402e56-0260-453c-a942-63ccdbb3a9ee
2026-06-02 04:15:05 +02:00 · 2007-01-03 23:28:09 +00:00
parent aa5f1e3358
commit 60bcda3564
2 changed files with 3 additions and 3 deletions
@@ -193,8 +193,8 @@ $template->assign_vars(
    'L_COMMENT_TITLE' => $title,

    'F_ACTION'=>PHPWG_ROOT_PATH.'comments.php',
-    'F_KEYWORD'=>@$_GET['keyword'],
-    'F_AUTHOR'=>@$_GET['author'],
+    'F_KEYWORD'=>@htmlentities($_GET['keyword']),
+    'F_AUTHOR'=>@htmlentities($_GET['author']),

    'U_HOME' => make_index_url(),
    )