Fix XSS in function.php, reported by Mateusz Goik.

I'm not sure why the name and the type of the functions were not escaped
*on purpose* here. There's no more reason here than in any other place
with other PostgreSQL objects to not escape the name or the type...
1 parent 5a29e20 commit 74174ad639664b52cc1609ede0af8bc403e98a00 @ioguix ioguix committed Feb 27, 2012
Showing with 0 additions and 2 deletions.
  1. +0 −2 functions.php
@@ -773,14 +773,12 @@ function doDefault($msg = '') {
'function' => array(
'title' => $lang['strfunction'],
'field' => field('proproto'),
- 'type' => 'verbatim',
'url' => "redirect.php?subject=function&action=properties&{$misc->href}&",
'vars' => array('function' => 'proproto', 'function_oid' => 'prooid'),
),
'returns' => array(
'title' => $lang['strreturns'],
'field' => field('proreturns'),
- 'type' => 'verbatim',
),
'owner' => array(
'title' => $lang['strowner'],
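
Review bot: In the 'function' and 'returns' column definitions, dropping 'type' => 'verbatim' makes the fix depend on the renderer's default type escaping proproto and proreturns, and that default is not visible in this hunk. It is worth confirming that a column with no 'type' key is HTML-escaped on output, and adding a regression check using a function whose name or return type contains markup characters. The commit message also gives the file as function.php while the diff touches functions.php; correcting the name would make the fix easier to find later. Any other column that still sets 'type' => 'verbatim' on a field read from the catalog deserves the same review.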
