author | Benjamin Kellermann <Benjamin.Kellermann@gmx.de> | 2011-04-17 20:18:06 +0200 |
---|---|---|
committer | Benjamin Kellermann <Benjamin.Kellermann@gmx.de> | 2011-04-17 20:18:06 +0200 |
commit | b1d37d64a563cf159a110f0138d7bb6ff71c57ba (patch) | |
tree | 5510d3e88dba7f74b689bbcfa44b14ff7d674d00 | |
parent | 6ac2aeeb8f50491d3618aec11c98d17c5c59da0f (diff) |
bugfix: Polltitle caused possible XSS (thanks to Michael Kerscher)
-rwxr-xr-x | index.cgi | 2 |
1 files changed, 1 insertions, 1 deletions
@@ -66,7 +66,7 @@ if $cgi.include?("create_poll") && $cgi.include?("poll_url")
 File.open(f,"w").close
 VCS.add(f)
 }
- Poll.new(POLLTITLE,$cgi["poll_type"])
+ Poll.new(CGI.escapeHTML(POLLTITLE),$cgi["poll_type"])
 Dir.chdir("..")
 $d.html.header["status"] = "REDIRECT"
 $d.html.header["Cache-Control"] = "no-cache" |
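Review bot: `$cgi["poll_type"]` is still passed to `Poll.new` unescaped and unvalidated on the same line where the title is now wrapped in `CGI.escapeHTML`, so if Poll ever writes the type into a page the same XSS path may remain; Poll is defined outside this hunk, so that cannot be confirmed here. Escaping at creation time also means the stored title is HTML-encoded from now on: every renderer has to treat it as already escaped (a second escape would show entities to the user), and any non-HTML consumer of the title receives entities instead of the original text. I would check poll_type against the known poll types before this call and record the storage contract next to it, e.g. `# title is stored HTML-escaped; output code must not escape it again`. The enclosing `if` block starts and ends outside the hunk.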