Revision 25ba63fb
Added by Renato Botelho over 11 years ago
| usr/local/www/pkg_mgr_install.php | ||
|---|---|---|
| 184 | 184 |
ob_flush(); |
| 185 | 185 |
|
| 186 | 186 |
if ($_GET) {
|
| 187 |
$pkgname = str_replace(array("<", ">", ";", "&", "'"), "", htmlspecialchars_decode($_GET['pkg']));
|
|
| 187 |
$pkgname = str_replace(array("<", ">", ";", "&", "'", '"'), "", htmlspecialchars_decode($_GET['pkg'], ENT_QUOTES | ENT_HTML401));
|
|
| 188 | 188 |
switch($_GET['mode']) {
|
| 189 | 189 |
case 'showlog': |
| 190 | 190 |
if (strpos($pkgname, ".")) {
|
Also available in: Unified diff
Take single and double quotes into consideration