From 318e4057d5d89dc373b5c8b27744df478c1a556b Mon Sep 17 00:00:00 2001
From: panda <panda>
Date: Sat, 29 Mar 2003 00:34:29 +0900
Subject: [PATCH] BugTrack/274: fix XSS vulnerability.

---
 plugin/bugtrack.inc.php | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/plugin/bugtrack.inc.php b/plugin/bugtrack.inc.php
index f278da9..638108f 100644
--- a/plugin/bugtrack.inc.php
+++ b/plugin/bugtrack.inc.php
@@ -8,7 +8,7 @@
  * Êѹ¹ÍúÎò:
  *  2002.06.17: ºî¤ê»Ï¤á
  *
- * $Id: bugtrack.inc.php,v 1.11 2003/03/05 09:16:52 panda Exp $
+ * $Id: bugtrack.inc.php,v 1.12 2003/03/28 15:34:29 panda Exp $
  */
 
 function plugin_bugtrack_init()
@@ -92,6 +92,8 @@ function plugin_bugtrack_print_form($base,$category)
 		$encoded_category .= '</select>';
 	}
 	
+	$s_base = htmlspecialchars($base);
+	
 	$body = <<<EOD
 <form action="$script" method="post">
  <table border="0">
@@ -132,7 +134,7 @@ function plugin_bugtrack_print_form($base,$category)
     <input type="submit" value="$_bugtrack_plugin_submit" />
     <input type="hidden" name="plugin" value="bugtrack" />
     <input type="hidden" name="mode" value="submit" />
-    <input type="hidden" name="base" value="$base" />
+    <input type="hidden" name="base" value="$s_base" />
    </td>
   </tr>
  </table>
-- 
2.11.0