Author: ian
Date: 2006-02-17 02:41:01 +0000 (Fri, 17 Feb 2006)
New Revision: 8052

Modified:
   trunk/website/index.php
Log:
prevent exploit

Modified: trunk/website/index.php
===================================================================
--- trunk/website/index.php     2006-02-17 02:32:23 UTC (rev 8051)
+++ trunk/website/index.php     2006-02-17 02:41:01 UTC (rev 8052)
@@ -1,7 +1,7 @@
 <?
 session_start();
 if (isset($_REQUEST["page"])) {
-  $page = str_replace("%", "", $_REQUEST["page"]);
+  $page = str_replace("<", "", $_REQUEST["page"]);
 } else {
   if ((stristr($_SERVER["HTTP_ACCEPT_LANGUAGE"], "ja")) &&
       !(stristr($_SERVER["HTTP_ACCEPT_LANGUAGE"], "en"))) {
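Review bot: Stripping only `<` from `$_REQUEST["page"]` on the added line is a one-character deny-list, and the change also drops the earlier `%` filter, so quotes, `>`, `/` and `..` still pass through into `$page`. How `$page` is used lies outside this hunk, but a deny-list like this is unlikely to hold if the value reaches an include path or is echoed into HTML. An allow-list is safer: accept the value only when `is_string($_REQUEST["page"]) && preg_match('/^[A-Za-z0-9_-]+$/', $_REQUEST["page"])` holds (or, better, when it is found in a fixed list of known page names), and fall back to the default page otherwise. Wherever `$page` is printed, it should also be escaped with `htmlspecialchars($page, ENT_QUOTES)`. The enclosing `if`/`else` continues past the end of the hunk.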

