-rwxr-xr-x | usr/local/www/fbegin.inc | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/usr/local/www/fbegin.inc b/usr/local/www/fbegin.inc
index b720ca1..0f8a795 100755
--- a/usr/local/www/fbegin.inc
+++ b/usr/local/www/fbegin.inc
@@ -262,13 +262,13 @@ if ($_REQUEST['noticeaction'] == 'acknowledge') {
 $noticemsg = str_replace("<br>", "", $noticemsg);
 $extra_args = "";
 if($_GET['xml'])
- $extraargs="&xml=" . $_GET['xml'];
+ $extraargs="&xml=" . htmlspecialchars($_GET['xml']);
 if($_POST['xml'])
- $extraargs="&xml=" . $_POST['xml'];
+ $extraargs="&xml=" . htmlspecialchars($_POST['xml']);
 if($_GET['id'])
- $extraargs="&xml=" . $_GET['id'];
+ $extraargs="&xml=" . htmlspecialchars($_GET['id']);
 if($_POST['id'])
- $extraargs="&xml=" . $_POST['id'];
+ $extraargs="&xml=" . htmlspecialchars($_POST['id']);
 $notice_msgs = '<a href="?noticeaction=acknowledge¬iceid=all' . $extraargs . '">Acknowledge All</a> .:. ';
 if ($value['url']) {
 $notice_msgs .= $date.' - <a href="'.$url.'?' . htmlspecialchars($request_string) . '¬iceaction=acknowledge¬iceid='.$key.'">['.$value['id'].']</a>'; |
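Review bot: htmlspecialchars() on the four changed `$extraargs` lines escapes the value for the HTML attribute only; the value is also a query-string component of the `href` and is not URL-encoded, so a request value containing `&`, `=` or `#` can still add or override parameters in the generated "Acknowledge All" link. Encode for the URL first and then for HTML, e.g. `$extraargs = "&xml=" . htmlspecialchars(urlencode($_GET['xml']));`, and likewise for the other three assignments. Two things visible on the same lines are left as they were: the context line initialises `$extra_args` while every assignment and the link use `$extraargs`, so the variable is unset when no branch matches, and both `id` branches emit `&xml=` rather than `&id=`, which looks unintended. The enclosing block starts and ends outside this hunk, so whether `$extraargs` is set elsewhere cannot be confirmed from here.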