author | Benjamin Kellermann <Benjamin.Kellermann@gmx.de> | 2011-05-25 07:50:38 +0200 |
---|---|---|
committer | Benjamin Kellermann <Benjamin.Kellermann@gmx.de> | 2011-05-25 07:50:38 +0200 |
commit | 94568a50e9bdf631d9594c6794300e280cdce175 (patch) | |
tree | 25d280385441f478a4103bb37969f40f50eff555 /delete_poll.rb | |
parent | bd0e9396784689e2c5bd55361bf33e402a2009c0 (diff) |
bugfix: delete_poll could be used for XSS
Diffstat (limited to 'delete_poll.rb')
-rwxr-xr-x | delete_poll.rb | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/delete_poll.rb b/delete_poll.rb index 93458cc..6f2e506 100755 --- a/delete_poll.rb +++ b/delete_poll.rb @@ -31,7 +31,7 @@ QUESTIONS = [ "phahqu3Uib4neiRi", _("I am aware of the consequences."), _("Please delete this poll.")] -USERCONFIRM = $cgi["confirm"].strip +USERCONFIRM = CGI.escapeHTML($cgi["confirm"].strip) if $cgi.include?("confirmnumber") CONFIRM = $cgi["confirmnumber"].to_i if USERCONFIRM == QUESTIONS[CONFIRM] @@ -107,9 +107,9 @@ $d.html << %{ #{hint} <form method='post' action='' accept-charset='utf-8'> <div> - <input type='hidden' name='confirmnumber' value='#{CONFIRM}' /> - <input size='30' type='text' name='confirm' value='#{USERCONFIRM}' /> - <input type='submit' value='#{deletestr}' /> + <input type='hidden' name='confirmnumber' value="#{CONFIRM}" /> + <input size='30' type='text' name='confirm' value="#{USERCONFIRM}" /> + <input type='submit' value="#{deletestr}" /> </div> </form> } |
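Review bot: Escaping at input time in the first hunk means USERCONFIRM is compared against QUESTIONS[CONFIRM] in its escaped form (`if USERCONFIRM == QUESTIONS[CONFIRM]`), so the comparison fails whenever the expected answer contains `&`, `<`, `>` or `"` (and `'` on Ruby releases whose CGI.escapeHTML encodes it as `&#39;`). The two English strings shown are plain, but they go through `_()`, so a translation with an apostrophe or ampersand would make the poll impossible to delete. Safer to keep `USERCONFIRM = $cgi["confirm"].strip` for the comparison and escape at the output point instead, i.e. `value="#{CGI.escapeHTML(USERCONFIRM)}"` in the form, so the escaping sits next to the HTML context it protects.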
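Review bot: The switch from single- to double-quoted attribute values in the second hunk is load-bearing, not cosmetic: CGI.escapeHTML on Ruby 1.8 encodes `&`, `<`, `>` and `"` but leaves `'` untouched, so an attribute delimited by `'` would still be breakable by an escaped value. That deserves a short comment above the form (or a line in the commit message), otherwise someone will revert the quoting to match the surrounding `<form method='post' ...>` line and silently reopen the issue. Also worth confirming in the same pass that `deletestr` is a static string: `CONFIRM` is safe because it comes from `.to_i`, but `deletestr` is interpolated unescaped and its origin is not visible in this hunk.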