bugfix: delete_poll could be used for XSS

author: Benjamin Kellermann <Benjamin.Kellermann@gmx.de> 2011-05-25 07:50:38 +0200
committer: Benjamin Kellermann <Benjamin.Kellermann@gmx.de> 2011-05-25 07:50:38 +0200
commit: 94568a50e9bdf631d9594c6794300e280cdce175 (patch)
tree: 25d280385441f478a4103bb37969f40f50eff555 /delete_poll.rb
parent: bd0e9396784689e2c5bd55361bf33e402a2009c0 (diff)
1 files changed, 4 insertions, 4 deletions
diff --git a/delete_poll.rb b/delete_poll.rb
index 93458cc..6f2e506 100755
--- a/delete_poll.rb
+++ b/delete_poll.rb
@@ -31,7 +31,7 @@ QUESTIONS = [ "phahqu3Uib4neiRi",
              _("I am aware of the consequences."),
              _("Please delete this poll.")]
 
-USERCONFIRM = $cgi["confirm"].strip
+USERCONFIRM = CGI.escapeHTML($cgi["confirm"].strip)
 if $cgi.include?("confirmnumber")
  CONFIRM = $cgi["confirmnumber"].to_i
 	if USERCONFIRM == QUESTIONS[CONFIRM]
@@ -107,9 +107,9 @@ $d.html << %{
 	#{hint}
 	<form method='post' action='' accept-charset='utf-8'>
 		<div>
-			<input type='hidden' name='confirmnumber' value='#{CONFIRM}' />
-			<input size='30' type='text' name='confirm' value='#{USERCONFIRM}' />
-			<input type='submit' value='#{deletestr}' />
+			<input type='hidden' name='confirmnumber' value="#{CONFIRM}" />
+			<input size='30' type='text' name='confirm' value="#{USERCONFIRM}" />
+			<input type='submit' value="#{deletestr}" />
 		</div>
 	</form>
 }
author	Benjamin Kellermann <Benjamin.Kellermann@gmx.de>	2011-05-25 07:50:38 +0200
committer	Benjamin Kellermann <Benjamin.Kellermann@gmx.de>	2011-05-25 07:50:38 +0200
commit	94568a50e9bdf631d9594c6794300e280cdce175 (patch)
tree	25d280385441f478a4103bb37969f40f50eff555 /delete_poll.rb
parent	bd0e9396784689e2c5bd55361bf33e402a2009c0 (diff)