From 25ba63fb0f31387842860274ec6dba68f58700c6 Mon Sep 17 00:00:00 2001
From: Renato Botelho
Date: Tue, 18 Feb 2014 16:38:35 -0300
Subject: Take single and double quotes into consideration
---
 usr/local/www/pkg_mgr_install.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'usr/local')
diff --git a/usr/local/www/pkg_mgr_install.php b/usr/local/www/pkg_mgr_install.php
index e586c3f..3ec8a86 100755
--- a/usr/local/www/pkg_mgr_install.php
+++ b/usr/local/www/pkg_mgr_install.php
@@ -184,7 +184,7 @@ Rounded("div#mainareapkg","bl br","#FFF","#eeeeee","smooth");
 ob_flush();
 if ($_GET) {
- $pkgname = str_replace(array("<", ">", ";", "&", "'"), "", htmlspecialchars_decode($_GET['pkg']));
+ $pkgname = str_replace(array("<", ">", ";", "&", "'", '"'), "", htmlspecialchars_decode($_GET['pkg'], ENT_QUOTES | ENT_HTML401));
 switch($_GET['mode']) {
 case 'showlog':
 if (strpos($pkgname, ".")) {
-- 
cgit v1.1
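Review bot: The new `$pkgname` line still sanitises `$_GET['pkg']` with a denylist, so any character not listed in the array (backticks, `|`, `$`, `/`, whitespace, control characters) survives `htmlspecialchars_decode()` and `str_replace()`. An allowlist of the characters a package name may contain is easier to audit and does not need extending each time another metacharacter turns out to matter, e.g. `$pkgname = preg_replace('/[^A-Za-z0-9._+-]/', '', $_GET['pkg']);`, with the exact character set to be confirmed against real package names. The context line `if (strpos($pkgname, "."))` also deserves a look, since `strpos()` returns 0 for a match at offset 0 and that is falsy; `strpos($pkgname, ".") !== false` is presumably what is intended. How `$pkgname` is used afterwards cannot be judged here, because the `if ($_GET)` block and the `switch` continue past the end of the hunk.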