[projects/buildlogs] More escaping.
arekm
arekm at pld-linux.org
Tue Feb 4 19:22:28 CET 2020
commit 00ebdf7f2d55acf26a77780d32b441bf89b41636
Author: Arkadiusz Miśkiewicz <arekm at maven.pl>
Date: Tue Feb 4 19:22:21 2020 +0100
More escaping.
index.php | 14 +++++++++++---
1 file changed, 11 insertions(+), 3 deletions(-)
---
diff --git a/index.php b/index.php
index 6eca071..810969f 100644
--- a/index.php
+++ b/index.php
@@ -55,14 +55,22 @@ if (isset($_GET["dist"]) && isset($_GET["arch"]))
$arch = basename(htmlspecialchars($arch, ENT_QUOTES, 'UTF-8'));
}
-if (isset($_POST["dist"])) $dist = basename($_POST["dist"]);
-if (isset($_POST["arch"])) $arch = basename($_POST["arch"]);
+if (isset($_POST["dist"])) {
+ $dist = $_POST["dist"];
+ $dist = basename(htmlspecialchars($dist, ENT_QUOTES, 'UTF-8'));
+}
+
+if (isset($_POST["arch"])) {
+ $arch = $_POST["arch"];
+ $arch = basename(htmlspecialchars($arch, ENT_QUOTES, 'UTF-8'));
+}
if (isset($_GET["name"])) {
$name_url = urlencode($_GET["name"]);
$name = $_GET["name"];
- $name = $dist = basename(htmlspecialchars($name, ENT_QUOTES, 'UTF-8'));
+ $name = basename(htmlspecialchars($name, ENT_QUOTES, 'UTF-8'));
}
+
if (isset($_GET["ok"]))$ok=(int)$_GET["ok"];
else $ok="";
if (isset($_GET["ns"]))$ns=(int)$_GET["ns"];
================================================================
---- gitweb:
http://git.pld-linux.org/gitweb.cgi/projects/buildlogs.git/commitdiff/00ebdf7f2d55acf26a77780d32b441bf89b41636
More information about the pld-cvs-commit
mailing list