From: Chris H. <ta...@us...> - 2003-01-23 21:47:50
Update of /cvsroot/squirrelmail/squirrelmail/src In directory sc8-pr-cvs1:/tmp/cvs-serv4285 Modified Files: search.php Log Message: Prevent XSS silliness in memorized searches. Index: search.php =================================================================== RCS file: /cvsroot/squirrelmail/squirrelmail/src/search.php,v retrieving revision 1.89 retrieving revision 1.90 diff -u -w -r1.89 -r1.90 --- search.php 31 Dec 2002 12:49:42 -0000 1.89 +++ search.php 23 Jan 2003 21:47:35 -0000 1.90 @@ -383,7 +383,7 @@ if (isset($attributes['search_what'][$i]) && !empty($attributes['search_what'][$i])) { echo html_tag( 'td', $attributes['search_folder'][$i], 'left', '', 'width="35%"' ) - . html_tag( 'td', $attributes['search_what'][$i], 'left' ) + . html_tag( 'td', htmlentities($attributes['search_what'][$i]), 'left' ) . html_tag( 'td', $attributes['search_where'][$i], 'center' ) . html_tag( 'td', '', 'right' ) . "<a href=search.php?count=$i&submit=save>" |
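Review bot: The `search_folder` and `search_where` cells in this same `echo` are still passed to `html_tag()` unescaped; only `search_what` gets `htmlentities()`. If those two values are loaded from the same saved-search preferences as `search_what` (the hunk does not show where `$attributes` is filled, so this is inferred), they need the same output encoding: `html_tag( 'td', htmlentities($attributes['search_folder'][$i]), 'left', '', 'width="35%"' )` and `html_tag( 'td', htmlentities($attributes['search_where'][$i]), 'center' )`. `htmlentities()` is called without a charset argument, so it is worth confirming that search strings outside the default charset still display correctly, or using `htmlspecialchars()`, which encodes only the HTML metacharacters. The `echo` statement continues past the end of the hunk.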