Commit: 46a74d234c026fea0928764e940a729801d604b5 Author: kovacs.ferenc <[email protected]> Wed, 11 Jun 2014 10:44:28 +0200 Parents: e353f1f83f51adb95a5fc981e0ee37d2374602d5 Branches: master
Link: http://git.php.net/?p=web/bugs.git;a=commitdiff;h=46a74d234c026fea0928764e940a729801d604b5 Log: escape/encode the email address when outputting Changed paths: M www/bug.php Diff:
diff --git a/www/bug.php b/www/bug.php
index 5d78183..5c16073 100644
--- a/www/bug.php
+++ b/www/bug.php
@@ -918,7 +918,7 @@ if ($edit == 1 || $edit == 2) { ?>
 <tr>
 <th class="details">New email:</th>
 <td colspan="3">
- <input type="text" size="40" maxlength="40" name="in[email]" value="<?php echo isset($_POST['in']) && isset($_POST['in']['email']) ? $_POST['in']['email'] : ''; ?>" />
+ <input type="text" size="40" maxlength="40" name="in[email]" value="<?php echo isset($_POST['in']) && isset($_POST['in']['email']) ? htmlspecialchars($_POST['in']['email']) : ''; ?>" />
 </td>
 </tr>
 <tr>
@@ -1206,7 +1206,7 @@ function link_to_people($email, $text)
 $domain = strstr($email, "@");
 if ($domain == "@php.net") {
 $username = strstr($email, "@", true);
- return '<a href="//people.php.net/user.php?username=' . $username . '">' . $text . '</a>';
+ return '<a href="//people.php.net/user.php?username=' . urlencode($username) . '">' . $text . '</a>';
 }
 return $text;
 }
-- PHP Webmaster List Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
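Review bot: The escaped value of the `in[email]` input assumes `$_POST['in']['email']` is a string; a request that sends it as an array still passes both `isset()` checks and reaches `htmlspecialchars()`, which rejects non-string input (a warning and an empty value on older PHP, a TypeError on PHP 8). Adding `is_string($_POST['in']['email'])` to the condition keeps the field predictable. Passing the flags and charset explicitly, `htmlspecialchars($_POST['in']['email'], ENT_QUOTES, 'UTF-8')`, also stops the escaping from depending on the runtime's defaults. The default flags already cover this double-quoted attribute, so this is hardening rather than a remaining hole.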
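Review bot: `$text` is still concatenated into the anchor body, and returned unchanged on the non-php.net path, with no escaping inside `link_to_people()`; only the `username` query value is encoded by this change. Whether callers pass already-escaped text is not visible from the hunk, so either state that contract in a comment above the function, e.g. `// $text must already be HTML-escaped by the caller`, or escape it here with `htmlspecialchars($text, ENT_QUOTES, 'UTF-8')`, but not both, to avoid double-encoding. The function's opening lines are outside the hunk.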
