[100020] trunk/www/ports.php

Sat Nov 24 01:29:12 PST 2012

Revision: 100020
          https://trac.macports.org/changeset/100020
Author:   ryandesign at macports.org
Date:     2012-11-24 01:29:12 -0800 (Sat, 24 Nov 2012)
Log Message:
-----------
ports.php: variables in URLs need to be escaped with urlencode() not htmlspecialchars()

Modified Paths:
--------------
    trunk/www/ports.php

Modified: trunk/www/ports.php
===================================================================

--- trunk/www/ports.php	2012-11-24 09:01:32 UTC (rev 100019)
+++ trunk/www/ports.php	2012-11-24 09:29:12 UTC (rev 100020)
@@ -146,7 +146,7 @@
                     if ($i == $page) {
                         $pagecontrol .= "<b>$i</b>";
                     } else {
-                        $pagecontrol .= "<a href=\"$_SERVER[PHP_SELF]?by=$by&amp;substr=" . htmlspecialchars($substr) . "&amp;page=$i&amp;pagesize=$pagesize\">$i</a>";
+                        $pagecontrol .= "<a href=\"$_SERVER[PHP_SELF]?by=$by&amp;substr=" . urlencode($substr) . "&amp;page=$i&amp;pagesize=$pagesize\">$i</a>";
                     }
                 }
                 $pagecontrol .= "</p>";
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.macosforge.org/pipermail/macports-changes/attachments/20121124/0a6b03fe/attachment.html>
