Fix xss in controller

js/managedinstalls_functions.js

@@ -7,15 +7,15 @@ var managedInstallsVariables = {
 // Init function
 var initializeManagedInstalls = function(pkgName, pkgVersion){
     // Save the variables to the global space so the filter can use them
-    managedInstallsVariables.pkgName = pkgName;
-    managedInstallsVariables.pkgVersion = pkgVersion;
+    managedInstallsVariables.pkgName = decodeURIComponent(pkgName);
+    managedInstallsVariables.pkgVersion = decodeURIComponent(pkgVersion);
     if(pkgName){
         // Set name on heading
-        $('h3>span:first').text(pkgName);
+        $('h3>span:first').text(managedInstallsVariables.pkgName);
 
         if(pkgVersion){
             // Add version to heading
-            $('h3>span:first').text(pkgName + ' ('+pkgVersion+')');
+            $('h3>span:first').text(managedInstallsVariables.pkgName + ' ('+managedInstallsVariables.pkgVersion+')');
         }
     }
 }

managedinstalls_controller.php

@@ -193,8 +193,8 @@ public function listing($name = '', $version = '')
         if (! $this->authorized()) {
             redirect('auth/login');
         }
-        $data['name'] = rawurldecode($name);
-        $data['version'] = rawurldecode($version);
+        $data['name'] = addslashes($name);
+        $data['version'] = addslashes($version);
         $data['page'] = 'clients';
         $data['scripts'] = array("clients/client_list.js");
         $obj = new View();