PLD-BTS/trunk/flyspray/scripts/details.php

jajcus cvs at pld-linux.org
Sun Jun 26 17:54:46 CEST 2005


Author: jajcus
Date: Sun Jun 26 17:54:44 2005
New Revision: 6187

Modified:
   PLD-BTS/trunk/flyspray/scripts/details.php
Log:
- another XML well-formedness (and cross-site scripting) bug fixed. (this code is a stinking piece of crap)

Modified: PLD-BTS/trunk/flyspray/scripts/details.php
==============================================================================
--- PLD-BTS/trunk/flyspray/scripts/details.php	(original)
+++ PLD-BTS/trunk/flyspray/scripts/details.php	Sun Jun 26 17:54:44 2005
@@ -505,8 +505,9 @@
       <br />
       <?php
       if ($task_details['closure_comment'] != '') {
-       echo "{$details_text['closurecomment']}&nbsp;&nbsp;";
-       $closure_comment = preg_replace("/\b(FS#)(\d+)\b/", "<a href=\"?do=details&amp;id=$2\">$0</a>", $task_details['closure_comment']);
+        echo "{$details_text['closurecomment']}&nbsp;&nbsp;";
+       $closure_comment = htmlspecialchars($task_details['closure_comment']);
+       $closure_comment = preg_replace("/\b(FS#)(\d+)\b/", "<a href=\"?do=details&amp;id=$2\">$0</a>", $closure_comment);
        echo nl2br(stripslashes($closure_comment));
       };
      ?>
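Review bot: stripslashes() still runs last, in the unchanged `echo nl2br(stripslashes($closure_comment));` line, so it now operates on a string that has already been through htmlspecialchars() and already contains the generated `<a href=...>` markup. htmlspecialchars() adds no backslashes, so the escaping survives, but the ordering is fragile: strip the slashes from the raw `$task_details['closure_comment']` first, then escape, then linkify the FS# references, so that nothing rewrites the value after it has been escaped. htmlspecialchars() is also called without a flags argument, so quote handling is left to the PHP default; that is adequate while the value is only emitted as element content, and a short comment saying so would stop it being reused inside an attribute. Lastly, the first added line changes only the indentation of the `echo` (eight spaces where the neighbouring lines use seven); drop that whitespace change or match the surrounding lines.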


