Update of /cvsroot/php-blog/serendipity/templates/newspaper
In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv23607/templates/newspaper
Modified Files:
Tag: branch-0-7
layout.php
Log Message:
Fixed XSS Vulnerability.
Should we release a 0.7.1?
Index: layout.php
===================================================================
RCS file: /cvsroot/php-blog/serendipity/templates/newspaper/layout.php,v
retrieving revision 1.13
retrieving revision 1.13.4.1
diff -u -d -r1.13 -r1.13.4.1
--- layout.php 25 Aug 2004 08:58:19 -0000 1.13
+++ layout.php 1 Dec 2004 13:56:31 -0000 1.13.4.1
@@ -80,10 +80,10 @@
}
if ($r === true) {
- echo sprintf(NO_ENTRIES_BLAHBLAH, $serendipity['GET']['searchTerm']);
+ echo sprintf(NO_ENTRIES_BLAHBLAH, strip_tags($serendipity['GET']['searchTerm']));
break;
}
- echo sprintf(YOUR_SEARCH_RETURNED_BLAHBLAH, $serendipity["GET"]["searchTerm"], count($r));
+ echo sprintf(YOUR_SEARCH_RETURNED_BLAHBLAH, strip_tags($serendipity["GET"]["searchTerm"]), count($r));
serendipity_printEntries($r);
break;
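Review bot: Both new `echo sprintf(...)` lines use `strip_tags()` where the search term needs HTML output encoding, and `strip_tags()` is a tag remover, not an encoder. It leaves `"`, `'` and `&` untouched, so the value is still unsafe if either language string places `%s` inside an attribute, which cannot be seen from this hunk. It also silently drops part of a legitimate search such as `a <b`. Encode at output instead, e.g. `echo sprintf(NO_ENTRIES_BLAHBLAH, htmlspecialchars($serendipity['GET']['searchTerm'], ENT_QUOTES));`, and the same for the `YOUR_SEARCH_RETURNED_BLAHBLAH` line. The enclosing switch/case starts and ends outside the hunk, so other places that print `searchTerm` (other templates or the search form itself) should be checked for the same treatment.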