Fix XSS vulnerabilities described on http://seclists.org/fulldisclosu…
ashcs committed Sep 18, 2011
1 parent 3adda2f commit dd50a50
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions include/functions.php
Expand Up @@ -2,7 +2,7 @@
/**
* Loads common functions used throughout the site.
*
* @copyright (C) 2008-2009 PunBB, partially based on code (C) 2008-2009 FluxBB.org
* @copyright (C) 2008-2011 PunBB, partially based on code (C) 2008-2009 FluxBB.org
* @license http://www.gnu.org/licenses/gpl.html GPL version 2 or higher
* @package PunBB
*/
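Review bot: The copyright year bump in the file header (2008-2009 to 2008-2011) is unrelated to the XSS fix and would be better in its own commit, so the security change can be cherry-picked or backported to maintained branches as a minimal diff. No functional concern with the line itself.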
Expand Down Expand Up @@ -2672,7 +2672,7 @@ function _csrf_confirm_form($key, $values)
<div class="ct-box info-box">
<p><?php echo $lang_common['CSRF token mismatch'] ?></p>
</div>
<form class="frm-form" method="post" accept-charset="utf-8" action="<?php echo $forum_page['form_action'] ?>">
<form class="frm-form" method="post" accept-charset="utf-8" action="<?php echo forum_htmlencode($forum_page['form_action']) ?>">
<div class="hidden">
<?php echo implode("\n\t\t\t\t", $forum_page['hidden_fields'])."\n" ?>
</div>
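Review bot: Only the action attribute is encoded here, while the very next output in the same form, `implode("\n\t\t\t\t", $forum_page['hidden_fields'])`, is still echoed raw. Since `_csrf_confirm_form($key, $values)` replays submitted values, please confirm each hidden field is built with forum_htmlencode() on both name and value where the array is populated, or encode at this point. Two smaller checks: the action sits in a double-quoted attribute, so forum_htmlencode() must escape double quotes for this change to be effective, and the commit message refers to vulnerabilities in the plural while this hunk changes a single sink, so other places that echo `$forum_page['form_action']` deserve the same review.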