Fixed XSS
parent
bbb8a07a03
commit
27d3f15e2f
1 changed files with 3 additions and 3 deletions
|
@ -61,18 +61,18 @@
|
||||||
<? } ?>
|
<? } ?>
|
||||||
<tr>
|
<tr>
|
||||||
<td class="DataTD"><?=_("Subject")?>:</td>
|
<td class="DataTD"><?=_("Subject")?>:</td>
|
||||||
<td class="DataTD" align="left"><input type="text" name="subject" value="<?=strip_tags($_POST['subject'])?>"></td>
|
<td class="DataTD" align="left"><input type="text" name="subject" value="<?=sanitizeHTML($_POST['subject'])?>"></td>
|
||||||
</tr>
|
</tr>
|
||||||
<tr>
|
<tr>
|
||||||
<td class="DataTD"><?=_("Message")?>:</td>
|
<td class="DataTD"><?=_("Message")?>:</td>
|
||||||
<td class="DataTD"><textarea name="message" cols="40" rows="5" wrap="virtual"><?=strip_tags($_POST['message'])?></textarea></td>
|
<td class="DataTD"><textarea name="message" cols="40" rows="5" wrap="virtual"><?=sanitizeHTML($_POST['message'])?></textarea></td>
|
||||||
</tr>
|
</tr>
|
||||||
<tr>
|
<tr>
|
||||||
<td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Send")?>"></td>
|
<td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Send")?>"></td>
|
||||||
</tr>
|
</tr>
|
||||||
</table>
|
</table>
|
||||||
<input type="hidden" name="pageid" value="<?=$_SESSION['_config']['pagehash']?>">
|
<input type="hidden" name="pageid" value="<?=$_SESSION['_config']['pagehash']?>">
|
||||||
<input type="hidden" name="userid" value="<?=$_REQUEST['userid']?>">
|
<input type="hidden" name="userid" value="<?=intval($_REQUEST['userid'])?>">
|
||||||
<input type="hidden" name="oldid" value="<?=$id?>">
|
<input type="hidden" name="oldid" value="<?=$id?>">
|
||||||
</form>
|
</form>
|
||||||
<p>[ <a href='javascript:history.go(-1)'>Go Back</a> ]</p>
|
<p>[ <a href='javascript:history.go(-1)'>Go Back</a> ]</p>
|
||||||
|
|
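Review bot: The `oldid` hidden field just below the corrected `userid` line still prints `$id` into a double-quoted attribute with no encoding or cast (`value="<?=$id?>"`). Where `$id` is assigned lies outside this hunk, so this matters only if it can carry request data; if it is meant to be numeric, giving it the same treatment as `userid` would close the gap: `<input type="hidden" name="oldid" value="<?=intval($id)?>">`. Separately, `sanitizeHTML()` is not defined in the visible lines, and the subject is echoed inside `value="..."`, so it is worth confirming that the helper entity-encodes `"` and `'` as well as `<`, `>` and `&`. A one-line comment above the form would record that assumption, for example `<? // sanitizeHTML() must entity-encode quotes: output lands in a quoted attribute ?>`.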