]>
Commit | Line | Data |
---|---|---|
59dbe8d4 MT |
1 | ------------------------------------------------------------------------ |
2 | r7443 | rony | 2014-03-30 18:43:28 -0500 (Sun, 30 Mar 2014) | 2 lines | |
3 | ||
4 | bug#0002431: CVE-2014-2326 Unspecified HTML Injection Vulnerability | |
5 | ||
6 | ------------------------------------------------------------------------ | |
7 | Index: branches/0.8.8/cdef.php | |
8 | =================================================================== | |
9 | --- branches/0.8.8/cdef.php (revision 7442) | |
10 | +++ branches/0.8.8/cdef.php (revision 7443) | |
11 | @@ -431,7 +431,7 @@ | |
12 | <a class="linkEditMain" href="<?php print htmlspecialchars("cdef.php?action=item_edit&id=" . $cdef_item["id"] . "&cdef_id=" . $cdef["id"]);?>">Item #<?php print htmlspecialchars($i);?></a> | |
13 | </td> | |
14 | <td> | |
15 | - <em><?php $cdef_item_type = $cdef_item["type"]; print $cdef_item_types[$cdef_item_type];?></em>: <strong><?php print get_cdef_item_name($cdef_item["id"]);?></strong> | |
16 | + <em><?php $cdef_item_type = $cdef_item["type"]; print $cdef_item_types[$cdef_item_type];?></em>: <strong><?php print htmlspecialchars(get_cdef_item_name($cdef_item["id"]));?></strong> | |
17 | </td> | |
18 | <td> | |
19 | <a href="<?php print htmlspecialchars("cdef.php?action=item_movedown&id=" . $cdef_item["id"] . "&cdef_id=" . $cdef["id"]);?>"><img src="images/move_down.gif" border="0" alt="Move Down"></a> |