Revision 25ba63fb
Added by Renato Botelho over 11 years ago
usr/local/www/pkg_mgr_install.php | ||
---|---|---|
184 | 184 |
ob_flush(); |
185 | 185 |
|
186 | 186 |
if ($_GET) { |
187 |
$pkgname = str_replace(array("<", ">", ";", "&", "'"), "", htmlspecialchars_decode($_GET['pkg']));
|
|
187 |
$pkgname = str_replace(array("<", ">", ";", "&", "'", '"'), "", htmlspecialchars_decode($_GET['pkg'], ENT_QUOTES | ENT_HTML401));
|
|
188 | 188 |
switch($_GET['mode']) { |
189 | 189 |
case 'showlog': |
190 | 190 |
if (strpos($pkgname, ".")) { |
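Review bot: The line 187 variant that passes `ENT_QUOTES | ENT_HTML401` still sanitises `$pkgname` with a character denylist, so any metacharacter not in the `str_replace` array survives and is trusted by whatever consumes the name later (those uses are outside this hunk, so the actual exposure cannot be confirmed from here). An allowlist check that rejects the request is more robust than extending the list one character at a time, e.g. `if (!preg_match('/^[A-Za-z0-9 ._+-]+$/', $pkgname)) { $pkgname = ''; }`, with the character class adjusted to the names the package index really contains. Separately, `if ($_GET)` does not guarantee that `$_GET['pkg']` is set, so the assignment should read the key with a default such as `$_GET['pkg'] ?? ''` (or an `isset()` test on older PHP). The `switch` body continues outside the hunk.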
Take single and double quotes into consideration