Revision f01d8c49
Added by Jim Pingle over 14 years ago
| usr/local/www/fbegin.inc | ||
|---|---|---|
| 273 | 273 |
if ($value['url']) {
|
| 274 | 274 |
$notice_msgs .= $date.' - <a href="'.$url.'?' . htmlspecialchars($request_string) . '¬iceaction=acknowledge¬iceid='.$key.'">['.$value['id'].']</a>'; |
| 275 | 275 |
} else {
|
| 276 |
$notice_msgs .= $date.' - <a href="?' . htmlspecialchars($request_string) . '¬iceaction=acknowledge¬iceid='.$key.'">['.$value['id'].']'.$noticemsg.'</a>';
|
|
| 276 |
$notice_msgs .= $date.' - <a href="?' . htmlspecialchars($request_string) . '¬iceaction=acknowledge¬iceid='.$key.'">['.$value['id'].']'.htmlspecialchars($noticemsg).'</a>';
|
|
| 277 | 277 |
} |
| 278 | 278 |
$notice_msgs .= " .:. "; |
| 279 | 279 |
} |
Also available in: Unified diff
One more potential XSS vector. Not sure how it would have text injected here, but better safe than sorry.