diff options
| author | Michal Čihař <mcihar@novell.com> | 2010-08-17 18:20:15 +0400 |
|---|---|---|
| committer | Michal Čihař <mcihar@novell.com> | 2010-08-18 13:30:19 +0400 |
| commit | 6d548f7d449b7d4b796949d10a503484f63eaf82 (patch) | |
| tree | 085ba2f953baadd7300060324b4871fcb06444ff /db_search.php | |
| parent | f3f073a0ba8fe8e3857d98a84627bda53d50dc5e (diff) | |
Fix XSS on field_str in db_search.php.
Diffstat (limited to 'db_search.php')
| -rw-r--r-- | db_search.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/db_search.php b/db_search.php index 751675db5a..455aa61a1b 100644 --- a/db_search.php +++ b/db_search.php @@ -355,7 +355,7 @@ $alter_select = <tr><td align="right"> <?php echo $GLOBALS['strSearchInField']; ?></td> <td><input type="text" name="field_str" size="60" - value="<?php echo ! empty($field_str) ? $field_str : ''; ?>" /></td> + value="<?php echo ! empty($field_str) ? htmlspecialchars($field_str) : ''; ?>" /></td> </tr> </table> </fieldset> |