fix $script xss X-(

author cocoitiban <cocoitiban@2ef88817-412d-0410-a32c-8029a115e976>

Wed, 19 Jul 2006 07:42:51 +0000 (07:42 +0000)

committer cocoitiban <cocoitiban@2ef88817-412d-0410-a32c-8029a115e976>

Wed, 19 Jul 2006 07:42:51 +0000 (07:42 +0000)
author cocoitiban <cocoitiban@2ef88817-412d-0410-a32c-8029a115e976>
Wed, 19 Jul 2006 07:42:51 +0000 (07:42 +0000)
committer cocoitiban <cocoitiban@2ef88817-412d-0410-a32c-8029a115e976>
Wed, 19 Jul 2006 07:42:51 +0000 (07:42 +0000)
diff --git a/class/Ethna_ViewClass.php b/class/Ethna_ViewClass.php

index ff39f99..ec9c541 100644 (file)
--- a/class/Ethna_ViewClass.php
+++ b/class/Ethna_ViewClass.php
@@ -421,7 +421,7 @@ class Ethna_ViewClass
              $tmp_session = Ethna_Util::escapeHtml($_SESSION);
              $renderer->setPropByRef('session', $tmp_session);
          }
-        $renderer->setProp('script', basename($_SERVER['PHP_SELF']));
+        $renderer->setProp('script', htmlspecialchars(basename($_SERVER['PHP_SELF']), ENT_QUOTES));
          $renderer->setProp('request_uri', htmlspecialchars($_SERVER['REQUEST_URI'], ENT_QUOTES));
  
          return $renderer;
author	cocoitiban <cocoitiban@2ef88817-412d-0410-a32c-8029a115e976>
	Wed, 19 Jul 2006 07:42:51 +0000 (07:42 +0000)
committer	cocoitiban <cocoitiban@2ef88817-412d-0410-a32c-8029a115e976>
	Wed, 19 Jul 2006 07:42:51 +0000 (07:42 +0000)