dufuz Sat May 14 13:42:01 2005 EDT
Modified files:
/pearweb/public_html/error 404.php
Log:
Let's be on the safe side: strip tags and use htmlentities
http://cvs.php.net/diff.php/pearweb/public_html/error/404.php?r1=1.23&r2=1.24&ty=u
Index: pearweb/public_html/error/404.php
diff -u pearweb/public_html/error/404.php:1.23
pearweb/public_html/error/404.php:1.24
--- pearweb/public_html/error/404.php:1.23 Wed Feb 23 01:30:41 2005
+++ pearweb/public_html/error/404.php Sat May 14 13:42:01 2005
@@ -15,7 +15,7 @@
+----------------------------------------------------------------------+
| Authors: |
+----------------------------------------------------------------------+
- $Id: 404.php,v 1.23 2005/02/23 06:30:41 cellog Exp $
+ $Id: 404.php,v 1.24 2005/05/14 17:42:01 dufuz Exp $
*/
/**
@@ -37,6 +37,7 @@
}
$pkg = strtr($_SERVER['REDIRECT_URL'], '-','_');
+$pkg = htmlentitis($pkg);
$pinfo_url = '/package/';
// Check strictly
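Review bot: The added call `htmlentitis($pkg)` is misspelled, so PHP will stop with an undefined-function fatal error when the 404 handler reaches this line; it should read `$pkg = htmlentities($pkg, ENT_QUOTES);`. Separately, entity-encoding `$pkg` at this point changes the value before whatever lookup follows `// Check strictly` (that code is outside the hunk), so a name containing `&` or quotes may no longer match. It is safer to keep `$pkg` raw for matching and escape it only at the point where it is echoed.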
@@ -75,12 +76,12 @@
<h1>Error 404 - document not found</h1>
-<p>The requested document <i><?php echo $_SERVER['REQUEST_URI']; ?></i> was not
+<p>The requested document <i><?php echo strip_tags($_SERVER['REQUEST_URI']);
?></i> was not
found on this server.</p>
-<?php if(is_array($packages) && count($packages) > 0) { ?>
+<?php if (is_array($packages) && count($packages) > 0) { ?>
Searching the current list of packages for
- <i><?php echo basename($_SERVER['REQUEST_URI']); ?></i> included the
+ <i><?php echo basename(strip_tags($_SERVER['REQUEST_URI'])); ?></i>
included the
following results:
<ul>
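Review bot: `strip_tags()` on the two `echo` lines removes tags but is not an output encoder, so `&` and quote characters pass through unchanged and parts of the URI are silently dropped from the page. For HTML text the usual guard is escaping, for example `<?php echo htmlspecialchars($_SERVER['REQUEST_URI'], ENT_QUOTES); ?>` and `htmlspecialchars(basename($_SERVER['REQUEST_URI']), ENT_QUOTES)`. That also matches the commit message's stated intent to use htmlentities, and it shows the visitor the URI that was actually requested.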
@@ -94,7 +95,7 @@
<?php if($show_search_link) { ?>
<p align="center">
- <?php print_link(getURL('/package-search.php?pkg_name='
. basename($_SERVER['REQUEST_URI']) . '&bool=AND&submit=Search'), 'View
full search results...'); ?>
+ <?php print_link(getURL('/package-search.php?pkg_name='
. basename(strip_tags($_SERVER['REQUEST_URI'])) .
'&bool=AND&submit=Search'), 'View full search results...'); ?>
</p>
<?php
}
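Review bot: In the `print_link(getURL(...))` call the value is concatenated into a query string, where `strip_tags()` does nothing about `&`, `=`, `#` or quotes, so the request path can still change the parameters of the generated search link. Encode it for the URL context instead: `'/package-search.php?pkg_name=' . urlencode(basename($_SERVER['REQUEST_URI'])) . '&bool=AND&submit=Search'`. Whether `print_link()` or `getURL()` HTML-escapes the finished URL before it lands in the `href` attribute is not visible in this hunk and is worth confirming.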