authorFilip Komar <filip@mageia.org>2014-01-10 20:16:39 +0000
committerFilip Komar <filip@mageia.org>2014-01-10 20:16:39 +0000
commit4226ef6f206ce7a5d81b3f04b85d4b47937a0f0f (patch)
tree4a57df1895b89fe6ac4dcc2c534c7f4e28d691a0 /en
parente861636e2f1c43ba899c265bcae30bbaefa2fe60 (diff)
security improved for some pages with strip_tags of
Diffstat (limited to 'en')
-rw-r--r--en/about/constitution/index.php6
-rw-r--r--en/downloads/get/index.php5
2 files changed, 7 insertions, 4 deletions
diff --git a/en/about/constitution/index.php b/en/about/constitution/index.php
index 00bcb49f9..70ae88108 100644
--- a/en/about/constitution/index.php
+++ b/en/about/constitution/index.php
@@ -34,9 +34,9 @@ _lang_load($locale, "about/constitution");
<div class="para">
<?php
include G_APP_ROOT . '/lib/php-markdown/markdown.php';
- $l = isset($_GET['l']) ? $_GET['l'] : $locale;
- if(in_array($l, array('en', 'fr', 'sl', 'tr', 'ro', 'de', 'pt-br', 'el', 'id', 'uk', 'ru', 'es'))) {
- echo Markdown(file_get_contents('mageia.org_statutes_' . $l . '.md'));
+// $l = isset($_GET['l']) ? $_GET['l'] : $locale;
+ if(in_array($locale, array('en', 'fr', 'sl', 'tr', 'ro', 'de', 'pt-br', 'el', 'id', 'uk', 'ru', 'es'))) {
+ echo Markdown(file_get_contents('mageia.org_statutes_' . $locale . '.md'));
} else {
echo Markdown(file_get_contents('mageia.org_statutes_en.md'));
}
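Review bot: The allowlist test on the added `in_array($locale, array(...))` line is the only thing constraining the file name handed to `file_get_contents()`, and it compares loosely; passing `true` as the third argument, `in_array($locale, array('en', 'fr', /* … */ 'es'), true)`, makes it an exact string match. Where `$locale` is assigned is outside this hunk, so whether it can ever hold a non-string value is not visible here. The commented-out `// $l = isset($_GET['l']) …` line is dead code and is better deleted than kept, since uncommenting it later would bring the request-controlled value back. `file_get_contents()` can also return `false` when a translation file is missing, and that result goes straight into `Markdown()` with no check.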
diff --git a/en/downloads/get/index.php b/en/downloads/get/index.php
index ca1325af3..39d7a7f56 100644
--- a/en/downloads/get/index.php
+++ b/en/downloads/get/index.php
@@ -38,7 +38,10 @@ require 'lib.php';
// request
$product = get('q');
$debug = get('d');
-$torrent = isset($_GET['torrent']) ? true : false;
+if (isset($_GET['torrent'])) {
+ $torrent = strip_tags(trim($_GET['torrent']));
+}
+$torrent = isset($torrent) ? true : false;
if (is_null($product)) {
header('Location: /downloads/');