Commit e8ed494c authored by Ludovic Fauvet's avatar Ludovic Fauvet

Attempt to fix an XSS reported on v@v.o

parent fa64bfbc
...@@ -4,15 +4,16 @@ if( strpos( $url, "/" ) ) $url =""; ...@@ -4,15 +4,16 @@ if( strpos( $url, "/" ) ) $url ="";
#if( strpos( $url, " " ) ) $url =""; #if( strpos( $url, " " ) ) $url ="";
if( strpos( $url, '"' ) ) $url =""; if( strpos( $url, '"' ) ) $url ="";
if( strpos( $url, "'" ) ) $url =""; if( strpos( $url, "'" ) ) $url ="";
echo $url; $displayURL = htmlspecialchars($url, ENT_QUOTES, 'UTF-8');
echo $displayURL;
?> ?>
<html> <html>
<head> <head>
<title>VideoLAN - Download skin</title> <title>VideoLAN - Download skin</title>
<meta http-equiv="refresh" content="0; url=//www.videolan.org/vlc/skins2/<?php echo $url; ?>" /> <meta http-equiv="refresh" content="0; url=//www.videolan.org/vlc/skins2/<?php echo $displayURL; ?>" />
</head> </head>
<body> <body>
<p>Click <a href="//www.videolan.org/vlc/skins2/<?php echo $url; ?>">here</a> if your download doesn't start.</p> <p>Click <a href="//www.videolan.org/vlc/skins2/<?php echo $displayURL; ?>">here</a> if your download doesn't start.</p>
<?php <?php
if( $url != "" ) if( $url != "" )
{ {
......
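Review bot: `htmlspecialchars()` on the new `$displayURL` line escapes for HTML only, but the value is then used as a URL path segment in both the meta refresh and the `href`, so it should be percent-encoded first: `$displayURL = htmlspecialchars(rawurlencode($url), ENT_QUOTES, 'UTF-8');`. The unchanged filters above it test `strpos()` for truthiness, and `strpos()` returns 0 (falsy) when the character is the first one in `$url`, so they do not reject that case; compare with `!== false` instead, e.g. `if( strpos( $url, "/" ) !== false ) $url = "";`. The `echo $displayURL;` ahead of `<html>` still prints the value before the document starts and looks like leftover debug output. The `if( $url != "" )` block continues outside the hunk and still reads the raw `$url`, so any output there needs the same escaping.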