Revision: 1776
http://mrbs.svn.sourceforge.net/mrbs/?rev=1776&view=rev
Author: jberanek
Date: 2011-01-30 08:00:13 +0000 (Sun, 30 Jan 2011)
Log Message:
-----------
* Fixed two more places where $PHP_SELF was used in HTML without being
properly escaped.
Modified Paths:
--------------
mrbs/trunk/web/admin.php
mrbs/trunk/web/view_entry.php
Modified: mrbs/trunk/web/admin.php
===================================================================
--- mrbs/trunk/web/admin.php 2011-01-28 23:46:37 UTC (rev 1775)
+++ mrbs/trunk/web/admin.php 2011-01-30 08:00:13 UTC (rev 1776)
@@ -94,7 +94,8 @@
else
{
// If there are some areas displayable, then show the area form
- echo "<form id=\"areaChangeForm\" method=\"get\" action=\"$PHP_SELF\">\n";
+ echo "<form id=\"areaChangeForm\" method=\"get\" action=\"".
+ htmlspecialchars($PHP_SELF)."\">\n";
echo "<fieldset>\n";
echo "<legend></legend>\n";
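Review bot: the escaping is the right fix for this double-quoted attribute, since htmlspecialchars() with its default flags converts `"` as well as `&`, `<` and `>`, so a crafted request path can no longer break out of action="...". The hunk does not show where $PHP_SELF is assigned, so it is worth confirming it is populated from $_SERVER['PHP_SELF'] (or a sanitised copy) rather than a register_globals-style variable, and, for consistency with the rest of the codebase, consider passing ENT_QUOTES and the page charset explicitly rather than relying on the defaults.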
Modified: mrbs/trunk/web/view_entry.php
===================================================================
--- mrbs/trunk/web/view_entry.php 2011-01-28 23:46:37 UTC (rev 1775)
+++ mrbs/trunk/web/view_entry.php 2011-01-30 08:00:13 UTC (rev 1776)
@@ -10,7 +10,8 @@
{
global $room_id;
- echo "<form action=\"$form_action?id=$id&series=$series\"
method=\"post\">\n";
+ echo "<form action=\"".htmlspecialchars($form_action).
+ "?id=$id&series=$series\" method=\"post\">\n";
echo "<fieldset>\n";
echo "<legend></legend>\n";
echo "<input type=\"hidden\" name=\"action\" value=\"$action_type\">\n";
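Review bot: the escaping stops at $form_action; $id and $series are still interpolated into the same action attribute unescaped, and the unchanged context line below (`value=\"$action_type\"`) has the same pattern. If any of these can carry request-supplied data, cast them to int where they are numeric or wrap them in htmlspecialchars() as well, e.g. `"?id=".(int)$id."&amp;series=".(int)$series."\""`. Note also that a bare `&` inside an HTML attribute should be written `&amp;` to produce valid markup.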
_______________________________________________
Mrbs-commits mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/mrbs-commits