From b1d37d64a563cf159a110f0138d7bb6ff71c57ba Mon Sep 17 00:00:00 2001
From: Benjamin Kellermann
Date: Sun, 17 Apr 2011 20:18:06 +0200
Subject: bugfix: Polltitle caused possible XSS (thanks to Michael Kerscher)

---
 index.cgi | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'index.cgi')

diff --git a/index.cgi b/index.cgi
index ff884c2..c519d5d 100755
--- a/index.cgi
+++ b/index.cgi
@@ -66,7 +66,7 @@ if $cgi.include?("create_poll") && $cgi.include?("poll_url")
 File.open(f,"w").close
 VCS.add(f)
 }
- Poll.new(POLLTITLE,$cgi["poll_type"])
+ Poll.new(CGI.escapeHTML(POLLTITLE),$cgi["poll_type"])
 Dir.chdir("..")
 $d.html.header["status"] = "REDIRECT"
 $d.html.header["Cache-Control"] = "no-cache"
-- 
cgit v1.2.3
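Review bot: Escaping the title on the `Poll.new` line means the HTML-encoded form is what gets persisted in the poll, so every later consumer of the stored title inherits the encoding: an HTML view that also escapes on output will double-encode (`&amp;lt;`), and any non-HTML output of the title (plain-text mail, exports, log lines) will show the entities literally. The more robust fix is to keep the raw title in the data and apply `CGI.escapeHTML` at each HTML rendering site, or, if storage-time escaping is the intended design, to document it where the title field is defined so that renderers know not to escape again. The second argument, `$cgi["poll_type"]`, is still passed through unchanged; whether it is ever rendered into HTML cannot be seen from this hunk, so it is worth checking the same way. The enclosing `if $cgi.include?("create_poll") && $cgi.include?("poll_url")` block starts before the hunk and its `POLLTITLE` definition is not visible here.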