diff options
Diffstat (limited to 'usr/local/www/pkg.php')
| -rwxr-xr-x | usr/local/www/pkg.php | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/usr/local/www/pkg.php b/usr/local/www/pkg.php index 813d338..cdcd431 100755 --- a/usr/local/www/pkg.php +++ b/usr/local/www/pkg.php @@ -39,7 +39,7 @@ function gentitle_pkg($pgname) { return $config['system']['hostname'] . "." . $config['system']['domain'] . " - " . $pgname; } -$xml = $_GET['xml']; +$xml = htmlspecialchars($_GET['xml']); if($xml == "") { print_info_box_np(gettext("ERROR: No package defined.")); @@ -107,7 +107,7 @@ include("head.inc"); include("fbegin.inc"); ?> <form action="pkg.php" method="post"> -<? if($_GET['savemsg'] <> "") $savemsg = $_GET['savemsg']; ?> +<? if($_GET['savemsg'] <> "") $savemsg = htmlspecialchars($_GET['savemsg']); ?> <?php if ($savemsg) print_info_box($savemsg); ?> <table width="100%" border="0" cellpadding="0" cellspacing="0"> <?php |
