BugTrack/338: urlのhtmlspecialchars()漏れ

author arino <arino>

Mon, 19 May 2003 14:16:33 +0000 (23:16 +0900)

committer arino <arino>

Mon, 19 May 2003 14:16:33 +0000 (23:16 +0900)
author arino <arino>
Mon, 19 May 2003 14:16:33 +0000 (23:16 +0900)
committer arino <arino>
Mon, 19 May 2003 14:16:33 +0000 (23:16 +0900)
diff --git a/make_link.php b/make_link.php

index 6114086..e173073 100644 (file)
--- a/make_link.php
+++ b/make_link.php
@@ -2,7 +2,7 @@
  /////////////////////////////////////////////////
  // PukiWiki - Yet another WikiWikiWeb clone.
  //
-// $Id: make_link.php,v 1.40 2003/05/19 09:14:40 arino Exp $
+// $Id: make_link.php,v 1.41 2003/05/19 14:16:33 arino Exp $
  //
  
  // ¥ê¥ó¥¯¤òÉÕ²Ã¤¹¤ë
@@ -343,8 +343,8 @@ EOD;
         {
                 $arr = $this->splice($arr);
                 
-               $name = $arr[3];
-               $alias = ($arr[2] == '') ? $arr[3] : $arr[2];
+               $name = htmlspecialchars($arr[3]);
+               $alias = ($arr[2] == '') ? $name : $arr[2];
                 return parent::setParam($page,$name,'url',$alias);
                 
         }
@@ -380,7 +380,7 @@ EOD;
         {
                 $arr = $this->splice($arr);
                 
-               $name = $arr[1];
+               $name = htmlspecialchars($arr[1]);
                 $alias = $arr[2];
                 
                 return parent::setParam($page,$name,'url',$alias);