author | mensonge <mensonge@b3834d28-1941-0410-a4f8-b48e95affb8f> | 2008-11-14 14:38:55 +0000 |
---|---|---|
committer | mensonge <mensonge@b3834d28-1941-0410-a4f8-b48e95affb8f> | 2008-11-14 14:38:55 +0000 |
commit | 8bc7ad4383452b2a3872aea3ef7c3eaef675af3b (patch) | |
tree | e53ab979893650a6b50074dbd09f69dd59743cc6 /templates | |
parent | 67a13f74ce1b51732a9b3f759ca956bd762b0c0b (diff) | |
Bug fix: correct XSS problems (prevent username with non-alphanumeric characters, protect profile page)
git-svn-id: https://semanticscuttle.svn.sourceforge.net/svnroot/semanticscuttle/trunk@157 b3834d28-1941-0410-a4f8-b48e95affb8f
Diffstat (limited to 'templates')
-rw-r--r-- | templates/editprofile.tpl.php | 2 | ||||
-rw-r--r-- | templates/profile.tpl.php | 4 |
2 files changed, 3 insertions, 3 deletions
diff --git a/templates/editprofile.tpl.php b/templates/editprofile.tpl.php
index c9eb8a4..a38dbd8 100644
--- a/templates/editprofile.tpl.php
+++ b/templates/editprofile.tpl.php
@@ -40,7 +40,7 @@ $this->includeTemplate($GLOBALS['top_include']);
 </tr>
 <tr>
 <th align="left"><?php echo T_('Homepage'); ?></th>
- <td><input type="text" name="pPage" size="75" value="<?php echo filter($row['homepage'], 'xml'); ?>" /></td>
+ <td><input type="text" name="pPage" size="75" value="<?php echo filter($row['homepage']); ?>" /></td>
 </tr>
 <tr>
 <th align="left"><?php echo T_('Description'); ?></th>
diff --git a/templates/profile.tpl.php b/templates/profile.tpl.php
index d7ace7e..ecfadbb 100644
--- a/templates/profile.tpl.php
+++ b/templates/profile.tpl.php
@@ -10,13 +10,13 @@ $this->includeTemplate($GLOBALS['top_include']);
 if ($row['name'] != "") {
 ?>
 <dt><?php echo T_('Name'); ?></dt>
- <dd><?php echo $row['name']; ?></dd>
+ <dd><?php echo filter($row['name']); ?></dd>
 <?php
 }
 if ($row['homepage'] != "") {
 ?>
 <dt><?php echo T_('Homepage'); ?></dt>
- <dd><a href="<?php echo $row['homepage']; ?>"><?php echo $row['homepage']; ?></a></dd>
+ <dd><a href="<?php echo filter($row['homepage'], 'url'); ?>"><?php echo filter($row['homepage']); ?></a></dd>
 <?php
 }
 ?> |
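Review bot: The homepage value inside the double-quoted `value="..."` attribute of the `pPage` input now relies on filter()'s default mode, because the `'xml'` argument was dropped. filter() is defined outside this diff, so it should be confirmed that the default mode encodes `"`, `&`, `<` and `>` as an attribute context requires. If it does, a short comment next to the field, such as `<?php /* filter() default mode: HTML-escaped for a double-quoted attribute */ ?>`, would record why no mode argument is passed. The surrounding table starts and ends outside the hunk.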
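Review bot: Escaping the `href` value with `filter($row['homepage'], 'url')` does not restrict which URL scheme a stored homepage may use, so a non-http(s) value would still be rendered as a clickable link unless it is rejected elsewhere. No such validation is visible in this diff. A scheme allowlist where the value is saved, or a guard around the anchor here such as `if (preg_match('#^https?://#i', $row['homepage'])) {`, would cover that case. It is also worth checking what the `'url'` mode does to a complete URL. If it percent-encodes the whole string (an assumption, since filter() is outside the hunk), the link would no longer resolve to the homepage. The template continues outside the hunk.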