Revision 25ba63fb

Added by Renato Botelho over 11 years ago

Take single and double quotes into consideration

usr/local/www/pkg_mgr_install.php
184 184
ob_flush();
185 185

  
186 186
if ($_GET) {
187
	$pkgname = str_replace(array("<", ">", ";", "&", "'"), "", htmlspecialchars_decode($_GET['pkg']));
187
	$pkgname = str_replace(array("<", ">", ";", "&", "'", '"'), "", htmlspecialchars_decode($_GET['pkg'], ENT_QUOTES | ENT_HTML401));
188 188
	switch($_GET['mode']) {
189 189
	case 'showlog':
190 190
		if (strpos($pkgname, ".")) {
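Review bot: The new line 187 still sanitises `$_GET['pkg']` by deleting a fixed list of characters, so anything not in `array("<", ">", ";", "&", "'", '"')` reaches `$pkgname` unchanged, and the next quoting case will need another patch like this one. Validate the decoded value against an allowlist of the characters a package name may contain (for example with `preg_match`) and reject the request when it does not match, instead of stripping and continuing. In the context line `if (strpos($pkgname, "."))`, a dot at offset 0 returns 0 and is treated as false; compare with `!== false` if a leading dot is meant to be caught as well. A one-line comment saying that `ENT_QUOTES` is passed so that encoded single quotes are decoded before the strip would also help the next reader.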