
List:       kde-commits
Subject:    www/media/includes/classes
From:       Dirk Mueller <mueller () kde ! org>
Date:       2007-08-16 19:53:52
Message-ID: 1187294032.240320.20452.nullmailer () svn ! kde ! org

SVN commit 700925 by mueller:

fix XSS vulnerability in kde.org page framework, as found by
Westpoint Internet Reconnaissance Services


 M  +1 -1      class_handler404.inc  


--- trunk/www/media/includes/classes/class_handler404.inc #700924:700925
@@ -90,7 +90,7 @@
 		print "<html><head><title>404 Not found</title></head>\n";
 		print "<body>\n";
 		print "<h1>Not Found</h1>\n";
-		print "<p>The requested URL ". $_SERVER['REQUEST_URI'] . " was not found on this \
server.</p>\n"; +		print "<p>The requested URL ". \
htmlspecialchars($_SERVER['REQUEST_URI']) . " was not found on this server.</p>\n";  \
print "</body>\n";  print "</html>\n";
 
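Review bot: the htmlspecialchars() call on the added line relies on the default flags and charset. That is enough here, because REQUEST_URI is printed as element content inside <p>, but passing them explicitly, e.g. htmlspecialchars($_SERVER['REQUEST_URI'], ENT_QUOTES, 'UTF-8'), keeps the escaping correct if the string is ever reused inside an attribute value. The <head> printed in the context lines declares no charset, so it is also worth confirming that the 404 response sends a Content-Type header whose charset matches the one given to htmlspecialchars().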

