Commit dd50a50

Author: ashcs
Fix XSS vulnerabilities described on http://seclists.org/fulldisclosure/2011/Sep/158
1 parent 3adda2f commit dd50a50

1 file changed, +2 -2 lines changed

Diff for: include/functions.php

@@ -2,7 +2,7 @@
22
/**
33
* Loads common functions used throughout the site.
44
*
5-
* @copyright (C) 2008-2009 PunBB, partially based on code (C) 2008-2009 FluxBB.org
5+
* @copyright (C) 2008-2011 PunBB, partially based on code (C) 2008-2009 FluxBB.org
66
* @license http://www.gnu.org/licenses/gpl.html GPL version 2 or higher
77
* @package PunBB
88
*/
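Review bot: the copyright-year change on line 5 (2008-2009 to 2008-2011) is unrelated to the XSS fix named in the commit message. Committing it separately would keep the security fix to a single changed line that is easier to audit and to backport.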
@@ -2672,7 +2672,7 @@ function _csrf_confirm_form($key, $values)
26722672
<div class="ct-box info-box">
26732673
<p><?php echo $lang_common['CSRF token mismatch'] ?></p>
26742674
</div>
2675-
<form class="frm-form" method="post" accept-charset="utf-8" action="<?php echo $forum_page['form_action'] ?>">
2675+
<form class="frm-form" method="post" accept-charset="utf-8" action="<?php echo forum_htmlencode($forum_page['form_action']) ?>">
26762676
<div class="hidden">
26772677
<?php echo implode("\n\t\t\t\t", $forum_page['hidden_fields'])."\n" ?>
26782678
</div>
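Review bot: on line 2677 the statement `echo implode("\n\t\t\t\t", $forum_page['hidden_fields'])` still writes its entries into the same form with no encoding at the point of output, while only the `action` attribute on line 2675 gains `forum_htmlencode()`. Since `_csrf_confirm_form($key, $values)` rebuilds a form from passed-in values, please confirm that every name and value placed in `$forum_page['hidden_fields']` is encoded where the array is built (that code is not visible in this hunk), or add the encoding there in the same commit. A short comment on line 2675 saying that `$forum_page['form_action']` is treated as untrusted would also help keep the new call from being removed later as redundant.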
