Update of /cvsroot/php-blog/serendipity/include
In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv19009/include
Modified Files:
genpage.inc.php
Log Message:
Fixing XSS-Vulnerability
Index: genpage.inc.php
===================================================================
RCS file: /cvsroot/php-blog/serendipity/include/genpage.inc.php,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -d -r1.6 -r1.7
--- genpage.inc.php 23 Nov 2004 12:24:32 -0000 1.6
+++ genpage.inc.php 1 Dec 2004 13:34:25 -0000 1.7
@@ -39,11 +39,11 @@
}
if ($r === true) {
- $serendipity['smarty']->assign('content_message', sprintf(NO_ENTRIES_BLAHBLAH, $serendipity['GET']['searchTerm']));
+ $serendipity['smarty']->assign('content_message', sprintf(NO_ENTRIES_BLAHBLAH, strip_tags($serendipity['GET']['searchTerm'])));
break;
}
- $serendipity['smarty']->assign('content_message', sprintf(YOUR_SEARCH_RETURNED_BLAHBLAH, $serendipity['GET']['searchTerm'], count($r)));
+ $serendipity['smarty']->assign('content_message', sprintf(YOUR_SEARCH_RETURNED_BLAHBLAH, strip_tags($serendipity['GET']['searchTerm']), count($r)));
serendipity_printEntries($r);
break;
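Review bot: `strip_tags()` in the two changed `assign('content_message', …)` calls filters tag-like sequences but does not encode the value for HTML output. Quotes and `&` pass through unchanged, so the fix is only safe if the template never places `content_message` inside an attribute or re-processes it, and the template is not visible here. It also alters legitimate searches, since a term such as `a < b` is cut at the `<`. Encoding at the point of output is the more robust choice: in both calls use `htmlspecialchars($serendipity['GET']['searchTerm'], ENT_QUOTES)` in place of `strip_tags(...)`, and check any other place that echoes `searchTerm` back, such as a search form value. The enclosing switch/case starts and ends outside this hunk, so other branches were not reviewed.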