From 31c57ef05165d49a187fd2fbc2b6a6602103b9c0 Mon Sep 17 00:00:00 2001
From: root
Date: Mon, 24 Nov 2008 12:43:19 +0000
Subject: [PATCH] Added XSS prevention
---
 www/ac.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/www/ac.php b/www/ac.php
index 7c6b596..fe8ac18 100644
--- a/www/ac.php
+++ b/www/ac.php
@@ -23,7 +23,7 @@
 $s = mysql_real_escape_string($_REQUEST['s']);
 $id = mysql_real_escape_string(strip_tags($_REQUEST['id']));
- echo "parent._ac_rpc('$id',";
+ echo "parent._ac_rpc('".sanitizeHTML($id)."',";
 $bits = explode(",", $s);
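Review bot: The value on the added `echo` line lands inside a single-quoted JavaScript string literal, so an HTML sanitiser is the wrong encoder for that position. `sanitizeHTML()` is defined outside this hunk, and unless it also neutralises quotes, backslashes and line terminators the fix is incomplete. Quote handling currently seems to come from `mysql_real_escape_string()` two lines up, which is a SQL escaper and should not be relied on as an output encoder. I would encode the raw request value for the JavaScript context, e.g. (PHP 5.3 or later) `echo "parent._ac_rpc(" . json_encode((string) $_REQUEST['id'], JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP) . ",";`, or reject ids that fail an allow-list such as `preg_match('/^[A-Za-z0-9_-]+$/', $id)` if ids are meant to be simple tokens. `$s` is split on the following line and its later output is not visible here, so the same check is worth making wherever its pieces are echoed.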