[Fusionforge-commits] r10409 - in trunk/src/www: account forum/admin project/admin

Alain Peyrat aljeux at libremir.placard.fr.eu.org
Fri Sep 3 23:55:51 CEST 2010


Author: aljeux
Date: 2010-09-03 23:55:51 +0200 (Fri, 03 Sep 2010)
New Revision: 10409

Modified:
   trunk/src/www/account/login.php
   trunk/src/www/forum/admin/index.php
   trunk/src/www/project/admin/users.php
Log:
Protect feedback string

Modified: trunk/src/www/account/login.php
===================================================================
--- trunk/src/www/account/login.php	2010-09-03 21:50:55 UTC (rev 10408)
+++ trunk/src/www/account/login.php	2010-09-03 21:55:51 UTC (rev 10409)
@@ -36,7 +36,7 @@
 $login = getStringFromRequest('login');
 $form_loginname = getStringFromRequest('form_loginname');
 $form_pw = getStringFromRequest('form_pw');
-$feedback = getStringFromRequest('feedback');
+$feedback = htmlspecialchars(getStringFromRequest('feedback'));
 $triggered = getIntFromRequest('triggered');
 
 //
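Review bot: The added `htmlspecialchars()` call relies on the default flags, which on PHP versions before 8.1 leave single quotes unescaped, so a `feedback` value echoed inside a single-quoted attribute could still break out of it; the same line is added in forum/admin/index.php and project/admin/users.php. Where `$feedback` is printed lies outside these hunks, so this is a precaution rather than a confirmed hole, but passing the flags and charset explicitly removes the dependency: `$feedback = htmlspecialchars(getStringFromRequest('feedback'), ENT_QUOTES, 'UTF-8');` (with whatever charset the pages are actually served in). Because the value is now escaped where it is read rather than where it is output, a short comment such as `// $feedback is HTML-escaped from here on; do not escape it again when printing` would help avoid double encoding later in each script.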

Modified: trunk/src/www/forum/admin/index.php
===================================================================
--- trunk/src/www/forum/admin/index.php	2010-09-03 21:50:55 UTC (rev 10408)
+++ trunk/src/www/forum/admin/index.php	2010-09-03 21:55:51 UTC (rev 10409)
@@ -32,7 +32,7 @@
 $group_id = getIntFromRequest('group_id');
 $group_forum_id = getIntFromRequest('group_forum_id');
 $deleteforum = getStringFromRequest('deleteforum');
-$feedback = getStringFromRequest('feedback');
+$feedback = htmlspecialchars(getStringFromRequest('feedback'));
 
 global $HTML;
 

Modified: trunk/src/www/project/admin/users.php
===================================================================
--- trunk/src/www/project/admin/users.php	2010-09-03 21:50:55 UTC (rev 10408)
+++ trunk/src/www/project/admin/users.php	2010-09-03 21:55:51 UTC (rev 10409)
@@ -36,7 +36,7 @@
 require_once $gfcommon.'include/GroupJoinRequest.class.php';
 
 $group_id = getIntFromRequest('group_id');
-$feedback = getStringFromRequest('feedback');
+$feedback = htmlspecialchars(getStringFromRequest('feedback'));
 session_require_perm ('project_admin', $group_id) ;
 
 // get current information



