[aur-dev] [PATCH] pkgbase.php: Escape error messages

Lukas Fleischer lfleischer at archlinux.org
Wed Jun 10 06:59:14 UTC 2015


Fixes FS#45284.

Signed-off-by: Lukas Fleischer <lfleischer at archlinux.org>
---
 web/html/pkgbase.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/web/html/pkgbase.php b/web/html/pkgbase.php
index 2f8f932..c834f8b 100644
--- a/web/html/pkgbase.php
+++ b/web/html/pkgbase.php
@@ -146,9 +146,9 @@ html_header($title, $details);
 
 <?php if ($output): ?>
 <?php if ($ret): ?>
-<p class="pkgoutput"><?= $output ?></p>
+<p class="pkgoutput"><?= htmlspecialchars($output) ?></p>
 <?php else: ?>
-<ul class="errorlist"><li><?= $output ?></li></ul>
+<ul class="errorlist"><li><?= htmlspecialchars($output) ?></li></ul>
 <?php endif; ?>
 <?php endif; ?>
 
-- 
2.4.2


More information about the aur-dev mailing list