Revision d291634a
Added by Renato Botelho over 11 years ago
usr/local/www/pkg_mgr_install.php | ||
---|---|---|
181 | 181 |
ob_flush(); |
182 | 182 |
|
183 | 183 |
if ($_GET) { |
184 |
$pkgname = str_replace(array("<", ">", ";", "&", "'"), "", htmlspecialchars_decode($_GET['pkg']));
|
|
184 |
$pkgname = str_replace(array("<", ">", ";", "&", "'", '"'), "", htmlspecialchars_decode($_GET['pkg'], ENT_QUOTES | ENT_HTML401));
|
|
185 | 185 |
switch($_GET['mode']) { |
186 | 186 |
case 'showlog': |
187 | 187 |
if (strpos($pkgname, ".")) { |
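Review bot: The `$pkgname` assignment still cleans `$_GET['pkg']` with a denylist, so any character missing from the `str_replace()` array (backtick, `$`, `|`, `/`, whitespace, newline) passes through unchanged. How `$pkgname` is used lies outside this hunk, but if it later reaches a shell command, a file path or HTML output, it would be safer to accept only names that match an allowlist, for example `if (!preg_match('/^[A-Za-z0-9._+-]+\z/', $pkgname)) { $pkgname = ''; }`, with the character set adjusted to what real package names contain, and to escape at each point of use. The context line `if (strpos($pkgname, "."))` is also false for a name that begins with a dot, because `strpos()` returns 0 there; `strpos($pkgname, ".") !== false` states the intended test. The `if ($_GET)` and `switch` blocks continue past the end of the hunk.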
Take single and double quotes into consideration