ChangeSet ID: 14934 CVSROOT: /opt/cvs-commit Module name: appdb Changes by: wineowner@wine.codeweavers.com 2004/12/19 11:54:09 Modified files: . : account.php search.php Log message: Marcus Meissner Fix 2 cross site scripting problems. Patch: http://cvs.winehq.org/patch.py?id=14934 Old revision New revision Changes Path 1.6 1.7 +1 -1 appdb/account.php 1.4 1.5 +1 -1 appdb/search.php
Index: appdb/account.php
diff -u -p appdb/account.php:1.6 appdb/account.php:1.7
--- appdb/account.php:1.6 Thu Jun 20 07:54:56 2013
+++ appdb/account.php Thu Jun 20 07:54:56 2013
@@ -169,7 +169,7 @@ function cmd_send_passwd()
 }
 else
 {
- addmsg("Sorry, that username (".$_POST['ext_username'].") does not exist.", "red");
+ addmsg("Sorry, that username (". urlencode($_POST['ext_username']) .") does not exist.", "red");
 }
 redirect(apidb_fullurl("account.php?cmd=login"));
Index: appdb/search.php
diff -u -p appdb/search.php:1.4 appdb/search.php:1.5
--- appdb/search.php:1.4 Thu Jun 20 07:54:56 2013
+++ appdb/search.php Thu Jun 20 07:54:56 2013
@@ -16,7 +16,7 @@ if(mysql_num_rows($result) == 0)
 {
 // do something
 echo html_frame_start("","98%");
- echo "No matches found for ".$_REQUEST['q']."\n";
+ echo "No matches found for ". urlencode($_REQUEST['q']) . "\n";
 echo html_frame_end();
 }
 else
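Review bot: `urlencode()` is the wrong encoder for text that is rendered as HTML, both in the `addmsg(...)` call of the account.php hunk and in the `echo "No matches found for "` line of the search.php hunk. It does keep markup characters out of the page, but it also turns spaces into `+` and other characters into `%XX`, so the user is shown a mangled username or query. For HTML output the values should be escaped as `htmlspecialchars($_POST['ext_username'], ENT_QUOTES)` and `htmlspecialchars($_REQUEST['q'], ENT_QUOTES)`. How `addmsg()` stores and later prints its message is not visible here, so the escaping may belong at that single output point rather than at each caller. Both enclosing blocks start and end outside the hunks, and the query that produced `$result` in search.php is not shown, so it is worth confirming that `q` is also escaped before it reaches SQL.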