author | Michael Tänzer <neo@nhng.de> | 2013-07-15 17:59:16 +0200 |
---|---|---|
committer | Michael Tänzer <neo@nhng.de> | 2013-07-15 17:59:16 +0200 |
commit | 362ed35d683bc07f62a5e83aed1731eb1a8bffc1 (patch) | |
tree | 68439d1545ac6272e7299037fc3fbe6e979f211e | |
parent | 044d87058d67d970e77b3924492da3645d63225c (diff) | |
bug 1190: Fix possible code injection
Signed-off-by: Michael Tänzer <neo@nhng.de>
-rw-r--r-- | pages/index/0.php | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/pages/index/0.php b/pages/index/0.php
index a44b0a8..79a677d 100644
--- a/pages/index/0.php
+++ b/pages/index/0.php
@@ -48,15 +48,15 @@
 $query = "./link";
 $nodeList = $xpath->query($query, $item);
- $link = $nodeList->item(0)->nodeValue;
+ $link = htmlspecialchars($nodeList->item(0)->nodeValue);
 $query = "./description";
 $nodeList = $xpath->query($query, $item);
 $description = str_replace("&#", "&#", recode_string("UTF8..html" , $nodeList->item(0)->nodeValue));
- printf("<h3> %s </h3>\n", $title);
- printf("<p> %s </p>\n", $description);
- printf("<p>[<a href='%s'> %s </a> ] </p>\n\n", $link,_("Full Story"));
+ printf('<h3> %s </h3>\n', $title);
+ printf('<p> %s </p>\n', $description);
+ printf('<p>[<a href="%s"> %s </a> ] </p>\n\n', $link,_("Full Story"));
 $title = '';
 $description = ''; |
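Review bot: The switch to single-quoted format strings in the three `printf` calls turns `\n` into a literal backslash-n, so the characters `\n` are emitted into the page after each element instead of a newline; keeping double quotes and escaping the attribute quotes avoids this, e.g. `printf("<p>[<a href=\"%s\"> %s </a> ] </p>\n\n", $link, _("Full Story"));`. On the `$link` line, `htmlspecialchars()` is called with its default flags, which before PHP 8.1 leave single quotes unescaped, so the fix holds only while the attribute stays double-quoted; `htmlspecialchars($nodeList->item(0)->nodeValue, ENT_QUOTES, 'UTF-8')` removes that coupling. Escaping also does not constrain the URL scheme, so if the feed is not fully trusted the value should additionally be checked to start with `http://` or `https://` before it is used as an `href`. `$title` is assigned outside the hunk, so whether it is escaped before reaching the `%s` in the `<h3>` cannot be confirmed from here.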