Fixed XSS exploit #8 from ascii

17 years ago · 9c98d044f1
parent 543dddafa9
commit 9c98d044f1
1 changed files with 1 additions and 1 deletions
--- a/tverify/index/0.php
+++ b/tverify/index/0.php
@ -70,7 +70,7 @@
  </tr>
  <tr>
    <td class="DataTD" width="125"><?=_("Notary URL")?>: </td>
-    <td class="DataTD" width="125"><input type="text" name="notaryURL" value="<?=$_POST['notaryURL']?>"></td>
+    <td class="DataTD" width="125"><input type="text" name="notaryURL" value="<?=htmlentities($_POST['notaryURL'])?>"></td>
  </tr>
  <tr>
    <td class="DataTD" width="125"><?=_("Photo ID")?>: </td>