[www-doc] [Git][VideoLAN.org/websites][master] Attempt to fix an XSS reported on v at v.o
Ludovic Fauvet
gitlab at videolan.org
Mon Jul 3 13:17:39 CEST 2017
Ludovic Fauvet pushed to branch master at VideoLAN organization / websites
Commits:
e8ed494c by Ludovic Fauvet at 2017-07-03T13:17:34+02:00
Attempt to fix an XSS reported on v at v.o
- - - - -
1 changed file:
- www.videolan.org/vlc/download-skins2-go.php
Changes:
=====================================
www.videolan.org/vlc/download-skins2-go.php
=====================================
--- a/www.videolan.org/vlc/download-skins2-go.php
+++ b/www.videolan.org/vlc/download-skins2-go.php
@@ -4,15 +4,16 @@ if( strpos( $url, "/" ) ) $url ="";
#if( strpos( $url, " " ) ) $url ="";
if( strpos( $url, '"' ) ) $url ="";
if( strpos( $url, "'" ) ) $url ="";
-echo $url;
+$displayURL = htmlspecialchars($url, ENT_QUOTES, 'UTF-8');
+echo $displayURL;
?>
<html>
<head>
<title>VideoLAN - Download skin</title>
- <meta http-equiv="refresh" content="0; url=//www.videolan.org/vlc/skins2/<?php echo $url; ?>" />
+ <meta http-equiv="refresh" content="0; url=//www.videolan.org/vlc/skins2/<?php echo $displayURL; ?>" />
</head>
<body>
- <p>Click <a href="//www.videolan.org/vlc/skins2/<?php echo $url; ?>">here</a> if your download doesn't start.</p>
+ <p>Click <a href="//www.videolan.org/vlc/skins2/<?php echo $displayURL; ?>">here</a> if your download doesn't start.</p>
<?php
if( $url != "" )
{
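Review bot: The context checks just above the change (`if( strpos( $url, '"' ) ) $url ="";` and its siblings) treat a match at offset 0 as no match, because `strpos` returns 0 there and 0 is falsy. Compare the result with `!== false` so a value that begins with `/` or a quote is rejected as well. The `echo $displayURL;` before `<html>` still writes the request value ahead of the document; it is now escaped, but it looks like leftover debug output and could be dropped. Escaping with `htmlspecialchars($url, ENT_QUOTES, 'UTF-8')` suits the two attribute contexts, but the raw `$url` stays in scope for the `if( $url != "" )` block that follows, so anything printed there should use the escaped value too. Matching the name against an allow-list pattern for skin file names before any use would be stricter than the per-character blacklist.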
View it on GitLab: https://code.videolan.org/VideoLAN.org/websites/commit/e8ed494cecb51d47d16ffb6e359aab0a8b17ebe3