From ac02fa2d2a566caf08626331147459a7d24b1171 Mon Sep 17 00:00:00 2001
From: panda
Date: Fri, 28 Feb 2003 15:18:39 +0900
Subject: [PATCH] fix XSS vulnerability.
---
 plugin.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/plugin.php b/plugin.php
index 22c051d..d922fc7 100644
--- a/plugin.php
+++ b/plugin.php
@@ -2,7 +2,7 @@
 /////////////////////////////////////////////////
 // PukiWiki - Yet another WikiWikiWeb clone.
 //
-// $Id: plugin.php,v 1.4 2003/02/26 03:04:25 panda Exp $
+// $Id: plugin.php,v 1.5 2003/02/28 06:18:39 panda Exp $
 //
 // ¥×¥é¥°¥¤¥óÍѤË̤ÄêµÁ¤ÎÊÑ¿ô¤òÀßÄê
@@ -102,7 +102,7 @@ function do_plugin_convert($name,$args)
 if($retvar === FALSE)
 {
- return "#${name}(${args})";
+ return htmlspecialchars('#'.$name.($args ? "($args)" : ''));
 }
 return $retvar;
@@ -119,7 +119,7 @@ function do_plugin_inline($name,$args,$body)
 if($retvar === FALSE)
 {
- return "#${name}(${args})";
+ return htmlspecialchars("&${name}" . ($args ? "($args)" : '') . ';');
 }
 return $retvar;
-- 
2.11.0
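Review bot: The `$args ? "($args)" : ''` test in the new return of do_plugin_convert is a truthiness check, so an argument string of `'0'` counts as empty and `#name(0)` would be echoed back as `#name`. Assuming `$args` is always a string here, compare explicitly with `($args !== '' ? "($args)" : '')`; the do_plugin_inline hunk uses the same test and needs the same change. The htmlspecialchars() call also relies on the default quote flag and charset, and the mis-decoded comment in the first hunk suggests the file is not UTF-8, so the result can differ between PHP versions. Passing both explicitly, as in `htmlspecialchars($text, ENT_QUOTES, $encoding)` with the wiki's real encoding, keeps the escaping predictable and also covers single-quoted attribute contexts. The function body starts and ends outside the hunk, so where `$retvar` is set cannot be checked from here.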
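Review bot: The fallback string in do_plugin_inline is built from `$name` and `$args` only, so when the plugin call fails the `$body` parameter from the signature never reaches the output and whatever the author wrote there disappears from the page. Whether `$body` is still raw text or already rendered markup at this point is not visible in the hunk. If it is raw, it belongs inside the same htmlspecialchars() call as the rest of the string; if the omission is deliberate, a one-line comment such as `// $body is intentionally not echoed in the fallback` would stop a later edit from appending it unescaped. The function body starts and ends outside the hunk.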