20 lines
1.3 KiB
Diff
20 lines
1.3 KiB
Diff
|
------------------------------------------------------------------------
|
||
|
r7443 | rony | 2014-03-30 18:43:28 -0500 (Sun, 30 Mar 2014) | 2 lines
|
||
|
|
||
|
bug#0002431: CVE-2014-2326 Unspecified HTML Injection Vulnerability
|
||
|
|
||
|
------------------------------------------------------------------------
|
||
|
Index: branches/0.8.8/cdef.php
|
||
|
===================================================================
|
||
|
--- branches/0.8.8/cdef.php (revision 7442)
|
||
|
+++ branches/0.8.8/cdef.php (revision 7443)
|
||
|
@@ -431,7 +431,7 @@
|
||
|
<a class="linkEditMain" href="<?php print htmlspecialchars("cdef.php?action=item_edit&id=" . $cdef_item["id"] . "&cdef_id=" . $cdef["id"]);?>">Item #<?php print htmlspecialchars($i);?></a>
|
||
|
</td>
|
||
|
<td>
|
||
|
- <em><?php $cdef_item_type = $cdef_item["type"]; print $cdef_item_types[$cdef_item_type];?></em>: <strong><?php print get_cdef_item_name($cdef_item["id"]);?></strong>
|
||
|
+ <em><?php $cdef_item_type = $cdef_item["type"]; print $cdef_item_types[$cdef_item_type];?></em>: <strong><?php print htmlspecialchars(get_cdef_item_name($cdef_item["id"]));?></strong>
|
||
|
</td>
|
||
|
<td>
|
||
|
<a href="<?php print htmlspecialchars("cdef.php?action=item_movedown&id=" . $cdef_item["id"] . "&cdef_id=" . $cdef["id"]);?>"><img src="images/move_down.gif" border="0" alt="Move Down"></a>
|