From: panda <panda>
Date: Fri, 28 Mar 2003 15:34:29 +0000 (+0900)
Subject: BugTrack/274: fix XSS vulnerability.
X-Git-Tag: r1_5_0_rc1~1727
X-Git-Url: http://git.osdn.net/view?a=commitdiff_plain;h=318e4057d5d89dc373b5c8b27744df478c1a556b;p=pukiwiki%2Fpukiwiki.git

BugTrack/274: fix XSS vulnerability.
---

diff --git a/plugin/bugtrack.inc.php b/plugin/bugtrack.inc.php
index f278da9..638108f 100644
--- a/plugin/bugtrack.inc.php
+++ b/plugin/bugtrack.inc.php
@@ -8,7 +8,7 @@
  * Êѹ¹ÍúÎò:
  *  2002.06.17: ºî¤ê»Ï¤á
  *
- * $Id: bugtrack.inc.php,v 1.11 2003/03/05 09:16:52 panda Exp $
+ * $Id: bugtrack.inc.php,v 1.12 2003/03/28 15:34:29 panda Exp $
  */
 
 function plugin_bugtrack_init()
@@ -92,6 +92,8 @@ function plugin_bugtrack_print_form($base,$category)
 		$encoded_category .= '</select>';
 	}
 	
+	$s_base = htmlspecialchars($base);
+	
 	$body = <<<EOD
 <form action="$script" method="post">
  <table border="0">
@@ -132,7 +134,7 @@ function plugin_bugtrack_print_form($base,$category)
     <input type="submit" value="$_bugtrack_plugin_submit" />
     <input type="hidden" name="plugin" value="bugtrack" />
     <input type="hidden" name="mode" value="submit" />
-    <input type="hidden" name="base" value="$base" />
+    <input type="hidden" name="base" value="$s_base" />
    </td>
   </tr>
  </table>