* fix XSS in include_exclude_key

author Don Armstrong <don@donarmstrong.com>

Wed, 6 Jan 2010 07:48:11 +0000 (23:48 -0800)

committer Don Armstrong <don@donarmstrong.com>

Wed, 6 Jan 2010 07:48:11 +0000 (23:48 -0800)
author Don Armstrong <don@donarmstrong.com>
Wed, 6 Jan 2010 07:48:11 +0000 (23:48 -0800)
committer Don Armstrong <don@donarmstrong.com>
Wed, 6 Jan 2010 07:48:11 +0000 (23:48 -0800)
diff --git a/templates/en_US/cgi/pkgreport_options_include_exclude_key.tmpl b/templates/en_US/cgi/pkgreport_options_include_exclude_key.tmpl

index da67c300aab038441f6c77fe48422131a4a1f4c5..ab0a246e89a071440c123fa5b523192da058c251 100644 (file)
--- a/templates/en_US/cgi/pkgreport_options_include_exclude_key.tmpl
+++ b/templates/en_US/cgi/pkgreport_options_include_exclude_key.tmpl
@@ -9,6 +9,6 @@
                         package    => 'with package',
                         ],$key1||'')}
  </select>
-<input type="text" name="_fo_{$incexc}value" value ="{$key2||''}">
+<input type="text" name="_fo_{$incexc}value" value ="{html_escape($key2)||''}">
  <!-- {$value_index} -->
  </nobr>
author	Don Armstrong <don@donarmstrong.com>
	Wed, 6 Jan 2010 07:48:11 +0000 (23:48 -0800)
committer	Don Armstrong <don@donarmstrong.com>
	Wed, 6 Jan 2010 07:48:11 +0000 (23:48 -0800)