From 549954949a402ba5bc84cfb83cda3d62a8e1a887 Mon Sep 17 00:00:00 2001
From: "justdave%syndicomm.com" <>
Date: Sat, 25 Aug 2001 00:32:24 +0000
Subject: Fix for bug 95235: variables with untrusted content were being echoed back to the user in error messages. Those variables are now run through html_quote() first. Patch by Gavin Shelley r= justdave@syndicomm.com
---
 process_bug.cgi | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'process_bug.cgi')
diff --git a/process_bug.cgi b/process_bug.cgi
index 82e9cb988..53ec8d9da 100755
--- a/process_bug.cgi
+++ b/process_bug.cgi
@@ -749,7 +749,8 @@ if ($::FORM{'keywords'}) {
 }
 my $i = GetKeywordIdFromName($keyword);
 if (!$i) {
- PuntTryAgain("Unknown keyword named $keyword. " .
+ PuntTryAgain("Unknown keyword named " .
+ html_quote($keyword) . ". " .
 "

The legal keyword names are " . "" . "listed here."); -- cgit v1.2.1
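Review bot: The escaping is applied at this one call site with nothing recording why, so the next error message built from form data can easily repeat the original mistake; a comment above the `PuntTryAgain(` call would help, e.g. `# $keyword comes from the submitted form and PuntTryAgain() prints its argument as HTML, so quote it here`. That `PuntTryAgain` passes markup through is inferred from the rest of the message (its tags appear to have been stripped from this rendering), and the origin of `$keyword` is inferred from the `$::FORM{'keywords'}` context in the hunk header. The value lands in element text, so `html_quote()` is the right encoder provided it escapes `&`, `<` and `>`; its definition is not shown here, and a value placed inside an attribute would also need its quotes escaped. The enclosing `if` block starts and ends outside the hunk.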