Fix XSS on field_str in db_search.php.

2010-08-17 16:20:15 +02:00
parent f3f073a0ba
commit 6d548f7d44
1 changed files with 1 additions and 1 deletions
--- a/db_search.php
+++ b/db_search.php
@@ -355,7 +355,7 @@ $alter_select =
    <tr><td align="right">
            <?php echo $GLOBALS['strSearchInField']; ?></td>
        <td><input type="text" name="field_str" size="60"
-                value="<?php echo ! empty($field_str) ? $field_str : ''; ?>" /></td>
+                value="<?php echo ! empty($field_str) ? htmlspecialchars($field_str) : ''; ?>" /></td>
    </tr>
    </table>
 </fieldset>