Commit a774b3d3 authored by Lukas Fleischer's avatar Lukas Fleischer
Browse files

Merge branch 'maint'

parents 7cb89be8 19789c3f
......@@ -2,7 +2,7 @@
<!-- End of main content -->
<?php
if ($ver) {
echo "<div class=\"pgbox version\">$ver</div>";
echo "<div class=\"pgbox version\">" . htmlspecialchars($ver) . "</div>";
}
?>
</body>
......
......@@ -2,9 +2,9 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"
xml:lang="<?php print "$LANG\" lang=\"$LANG"; ?>">
xml:lang="<?php print htmlspecialchars($LANG, ENT_QUOTES) ?>" lang="<?php print htmlspecialchars($LANG, ENT_QUOTES) ?>">
<head>
<title>AUR (<?php print $LANG; ?>)<?php if ($title != "") { print " - " . $title; } ?></title>
<title>AUR (<?php print htmlspecialchars($LANG); ?>)<?php if ($title != "") { print " - " . htmlspecialchars($title); } ?></title>
<link rel='stylesheet' type='text/css' href='css/fonts.css' />
<link rel='stylesheet' type='text/css' href='css/containers.css' />
<link rel='stylesheet' type='text/css' href='css/arch.css' />
......@@ -52,8 +52,8 @@ reset($SUPPORTED_LANGS);
foreach ($SUPPORTED_LANGS as $lang => $lang_name) {
print '<a href="'
. htmlspecialchars($_SERVER["PHP_SELF"], ENT_QUOTES)
."?setlang=$lang\" title=\"$lang_name\">"
. strtolower($lang) . "</a>\n";
."?setlang=" . htmlspecialchars($lang, ENT_QUOTES) . "\" title=\"" . htmlspecialchars($lang_name, ENT_QUOTES) . "\">"
. htmlspecialchars(strtolower($lang)) . "</a>\n";
}
?>
</div>
......
......@@ -69,7 +69,7 @@ $out_of_date_time = ($row["OutOfDateTS"] == 0) ? $msg : gmdate("r", intval($row[
<p>
<span class='f2'><?php echo htmlspecialchars($row['Name']) . ' ' . htmlspecialchars($row['Version']) ?></span><br />
<span class='f3'><a href="<?php echo htmlspecialchars($row['URL'], ENT_QUOTES) . '">' . $row['URL'] ?></a></span><br />
<span class='f3'><a href="<?php echo htmlspecialchars($row['URL'], ENT_QUOTES) . '">' . htmlspecialchars($row['URL']) ?></a></span><br />
<span class='f3'><?php echo htmlspecialchars($row['Description'], ENT_QUOTES); ?></span>
</p>
......
......@@ -11,7 +11,7 @@
<td class="boxSoft">
<span class="f4"><span class="blue">
<a href="packages.php?ID=<?php print intval($row["ID"]); ?>">
<?php print $row["Name"] . ' ' . $row["Version"]; ?>
<?php print htmlspecialchars($row["Name"]) . ' ' . htmlspecialchars($row["Version"]); ?>
</a></span></span>
</td>
<td class="boxSoft">
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment