authorJehan-Guillaume (ioguix) de Rorthais2012-02-27 22:45:55 +0000
committerJehan-Guillaume (ioguix) de Rorthais2012-02-27 22:45:55 +0000
commit74174ad639664b52cc1609ede0af8bc403e98a00 (patch)
treeca2d4abe87be8460c1f45982df4544960224fa32
parent5a29e20e35f26abfd3ce9d97fd1282c1388b4a5f (diff)
Fix XSS in function.php, reported by Mateusz Goik.
I'm not sure why the name and the type of the functions were left unescaped *on purpose* here. There is no more reason here than in any other place dealing with other PostgreSQL objects not to escape the name or the type...
-rw-r--r--functions.php2
1 files changed, 0 insertions, 2 deletions
diff --git a/functions.php b/functions.php
index 7f0a7d38..4a043cf6 100644
--- a/functions.php
+++ b/functions.php
@@ -773,14 +773,12 @@
'function' => array(
'title' => $lang['strfunction'],
'field' => field('proproto'),
- 'type' => 'verbatim',
'url' => "redirect.php?subject=function&action=properties&{$misc->href}&",
'vars' => array('function' => 'proproto', 'function_oid' => 'prooid'),
),
'returns' => array(
'title' => $lang['strreturns'],
'field' => field('proreturns'),
- 'type' => 'verbatim',
),
'owner' => array(
'title' => $lang['strowner'],
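Review bot: Nothing in the hunk records why the `proproto` and `proreturns` columns must not be rendered verbatim, so a later contributor could reintroduce `'type' => 'verbatim'` to get unescaped formatting back and with it the XSS this commit fixes. A short comment on the `'function'` and `'returns'` entries, e.g. `// proproto/proreturns hold user-chosen identifiers from the catalog; leave 'type' unset so they are HTML-escaped on output (XSS fix, commit 74174ad6)`, would pin the intent. The fix assumes the renderer escapes any field whose `type` is unset; that default lives outside this hunk, and the enclosing array also starts before it, so any other columns in it still marked `'verbatim'` are worth a check.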