Changeset 335

Timestamp: Tue Feb 28 18:20:27 2006
Author: Rickard
Message: Fixed XSS vulnerability.

Files:

  • trunk/upload/header.php

    r209 r335  
    132 132  
    133 133 // START SUBST - <pun_page>  
    134   $tpl_main = str_replace('<pun_page>', basename($_SERVER['PHP_SELF'], '.php'), $tpl_main);  
      134 $tpl_main = str_replace('<pun_page>', htmlspecialchars(basename($_SERVER['PHP_SELF'], '.php')), $tpl_main);  
    134 134 // END SUBST - <pun_title>  
    135 135
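
Review bot: On the new line 134, htmlspecialchars() is called without a flags argument, so under the default ENT_COMPAT mode single quotes pass through unescaped; if any template places <pun_page> inside a single-quoted attribute, the value is still not safe in that context. Pass ENT_QUOTES explicitly, and consider deriving the page name from $_SERVER['SCRIPT_NAME'] rather than $_SERVER['PHP_SELF'], since PHP_SELF includes trailing path info taken from the request while SCRIPT_NAME does not; the escaping then stays in place as defence in depth. Separately, the closing comment on the following context line reads "END SUBST - <pun_title>" although the opening comment names <pun_page>; worth correcting in the same change.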