diff options
| author | Benjamin Kellermann <Benjamin.Kellermann@gmx.de> | 2011-04-17 20:18:06 +0200 |
|---|---|---|
| committer | Benjamin Kellermann <Benjamin.Kellermann@gmx.de> | 2011-04-17 20:18:06 +0200 |
| commit | b1d37d64a563cf159a110f0138d7bb6ff71c57ba (patch) | |
| tree | 5510d3e88dba7f74b689bbcfa44b14ff7d674d00 /index.cgi | |
| parent | 6ac2aeeb8f50491d3618aec11c98d17c5c59da0f (diff) | |
bugfix: Polltitle caused possible XSS (thanks to Michael Kerscher)
Diffstat (limited to 'index.cgi')
| -rwxr-xr-x | index.cgi | 2 |
1 files changed, 1 insertions, 1 deletions
@@ -66,7 +66,7 @@ if $cgi.include?("create_poll") && $cgi.include?("poll_url") File.open(f,"w").close VCS.add(f) } - Poll.new(POLLTITLE,$cgi["poll_type"]) + Poll.new(CGI.escapeHTML(POLLTITLE),$cgi["poll_type"]) Dir.chdir("..") $d.html.header["status"] = "REDIRECT" $d.html.header["Cache-Control"] = "no-cache" |