Fix XSS in function.php, reported by Mateusz Goik.
I'm not sure why the name and the type of the functions were not escaped
*on purpose* here. There's no more reason here than in any other place
with other PostgreSQL objects to not escape the name or the type...
ioguix committed Feb 27, 2012
1 parent 5a29e20 commit 74174ad
Showing 1 changed file with 0 additions and 2 deletions.
2 changes: 0 additions & 2 deletions functions.php
Expand Up @@ -773,14 +773,12 @@ function doDefault($msg = '') {
'function' => array(
'title' => $lang['strfunction'],
'field' => field('proproto'),
'type' => 'verbatim',
'url' => "redirect.php?subject=function&action=properties&{$misc->href}&",
'vars' => array('function' => 'proproto', 'function_oid' => 'prooid'),
),
'returns' => array(
'title' => $lang['strreturns'],
'field' => field('proreturns'),
'type' => 'verbatim',
),
'owner' => array(
'title' => $lang['strowner'],
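Review bot: The fix consists only of dropping the two `'type' => 'verbatim'` lines under 'function' and 'returns' in doDefault(), so it depends entirely on the column renderer's default type escaping `proproto` and `proreturns`. Please say so in the commit message, so a later change to that default is recognised as security relevant. The visible context shows only one other column ('owner'), so before merging, check the rest of this column array and the other pages that list functions for remaining `'type' => 'verbatim'` entries on catalog-derived fields such as object names and types, since the message itself says there is no reason to treat functions differently from other PostgreSQL objects. Also check that the 'function' link built from `'url'` and `'vars'` encodes the `proproto` value as a URL parameter rather than relying on the display escaping. Minor: the subject line says function.php, but the file changed is functions.php.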