From 4226ef6f206ce7a5d81b3f04b85d4b47937a0f0f Mon Sep 17 00:00:00 2001
From: Filip Komar <filip@mageia.org>
Date: Fri, 10 Jan 2014 20:16:39 +0000
Subject: security improved for some pages with strip_tags of

---
 en/downloads/get/index.php | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

(limited to 'en/downloads')

diff --git a/en/downloads/get/index.php b/en/downloads/get/index.php
index ca1325af3..39d7a7f56 100644
--- a/en/downloads/get/index.php
+++ b/en/downloads/get/index.php
@@ -38,7 +38,10 @@ require 'lib.php';
 // request
 $product = get('q');
 $debug   = get('d');
-$torrent = isset($_GET['torrent']) ? true : false;
+if (isset($_GET['torrent'])) {
+    $torrent = strip_tags(trim($_GET['torrent']));
+}
+$torrent = isset($torrent) ? true : false;
 
 if (is_null($product)) {
     header('Location: /downloads/');
-- 
cgit v1.2.1