Author: jajcus
Date: Sun Jun 26 17:54:44 2005
New Revision: 6187

Modified:
   PLD-BTS/trunk/flyspray/scripts/details.php
Log:
- another XML well-formedness (and cross-site scripting) bug fixed. (this code 
is a stinking piece of crap)

Modified: PLD-BTS/trunk/flyspray/scripts/details.php
==============================================================================
--- PLD-BTS/trunk/flyspray/scripts/details.php  (original)
+++ PLD-BTS/trunk/flyspray/scripts/details.php  Sun Jun 26 17:54:44 2005
@@ -505,8 +505,9 @@
       <br />
       <?php
       if ($task_details['closure_comment'] != '') {
-       echo "{$details_text['closurecomment']}&nbsp;&nbsp;";
-       $closure_comment = preg_replace("/\b(FS#)(\d+)\b/", "<a 
href=\"?do=details&amp;id=$2\">$0</a>", $task_details['closure_comment']);
+        echo "{$details_text['closurecomment']}&nbsp;&nbsp;";
+       $closure_comment = htmlspecialchars($task_details['closure_comment']);
+       $closure_comment = preg_replace("/\b(FS#)(\d+)\b/", "<a 
href=\"?do=details&amp;id=$2\">$0</a>", $closure_comment);
        echo nl2br(stripslashes($closure_comment));
       };
      ?>
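Review bot: The final `echo nl2br(stripslashes($closure_comment));` still unslashes after the value has been HTML-encoded and had the `FS#` link markup inserted, so `stripslashes()` operates on generated HTML rather than on the raw stored text. Nothing visible here makes that exploitable, since removing backslashes cannot recreate `<` or `>`, but the ordering is fragile; normalise first and encode once, e.g. `$closure_comment = htmlspecialchars(stripslashes($task_details['closure_comment']), ENT_QUOTES);`, keep the `preg_replace` as is, and end with `echo nl2br($closure_comment);`. The default flags leave single quotes unencoded, which is harmless in element content as used here but would matter if the value were ever placed in a single-quoted attribute. The surrounding template continues outside the hunk, so other `$task_details` fields echoed nearby may need the same encoding; that cannot be confirmed from these lines.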