Commit:    69702f8d56997e42c2a79812857c49770e7672f0
Author:    Hannes Magnusson <[email protected]>         Thu, 4 Sep 2014 
14:27:04 -0700
Parents:   c05addbc1c10e7b833a6025cd1d361747a870692
Branches:  master

Link:       
http://git.php.net/?p=web/php.git;a=commitdiff;h=69702f8d56997e42c2a79812857c49770e7672f0

Log:
Fix XSS reported by Francisco Alonso @ Red Hat Product Security

Changed paths:
  M  include/site.inc


Diff:
diff --git a/include/site.inc b/include/site.inc
index 508fd62..4dc8d22 100644
--- a/include/site.inc
+++ b/include/site.inc
@@ -256,7 +256,7 @@ function print_mirror_box($countryname, $countrycode, 
$mirrors, $file = null, $d
     }
 ?>
             <div class="entry">
-                <div class="url"><a href="<?php echo $url; ?>" title="<?php 
echo clean($mirror['url']); ?>"><?php echo clean($urltitle); ?></a></div>
+                <div class="url"><a href="<?php echo htmlentities($url, 
ENT_QUOTES | ENT_IGNORE, 'UTF-8'); ?>" title="<?php echo clean($mirror['url']); 
?>"><?php echo clean($urltitle); ?></a></div>
                 <div class="provider"><a href="<?php echo 
$mirror['provider_url']; ?>" title="<?php echo 
clean($mirror['provider_title']); ?>"><?php echo 
clean($mirror['provider_title']); ?></a></div>
             </div>
             <?php endforeach; ?>
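Review bot: The `provider_url` href on the context line just below the changed line is still echoed raw (`<?php echo $mirror['provider_url']; ?>`), so the attribute-injection pattern fixed here for `$url` remains for that field if mirror data can carry attacker-influenced values; where that data comes from is not visible in this hunk. It should get the same treatment, e.g. `<?php echo htmlentities($mirror['provider_url'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>`. On the new line, `ENT_IGNORE` silently drops invalid byte sequences, which the PHP manual discourages for security reasons; `ENT_SUBSTITUTE` is the safer flag where the deployed PHP version (5.4+) supports it. HTML-escaping also does not constrain the URL scheme, so an allow-list check for `http://`/`https://` where `$url` is built would be worth adding. That code, and the start and end of print_mirror_box, lie outside this hunk.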

