From b723b9f415c042a1e50790e5e0d18e5448b77cfd Mon Sep 17 00:00:00 2001
From: Robert Sesek
Date: Sun, 20 Feb 2005 21:26:22 +0000
Subject: [PATCH] Fixed possible exploit in query link where the original URI was not sanitized.
---
template.php | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/template.php b/template.php
index f94aa84..17bde98 100644
--- a/template.php
+++ b/template.php
@@ -229,7 +229,7 @@ class DB_Template
$debug .= "\n\t
  • Source Control: $scinfo
  • "; // query information - $debug .= "\n\t
  • Total Queries: " . sizeof($_isso->db->history) . " (?)
  • "; + $debug .= "\n\t
  • Total Queries: " . sizeof($_isso->db->history) . " (sanitize($_SERVER['REQUEST_URI']) . iff(strpos($_SERVER['REQUEST_URI'], '?') !== false, '&query=1', '?query=1') . "\">?)
  • "; // debug notices $debug .= "\n\t
  • \n\t\t
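Review bot: The escaped `REQUEST_URI` on the added `$debug .=` line lands inside a double-quoted `href`, so the fix only holds if `sanitize()` encodes `"` as well as `<`, `>` and `&`. Its definition is outside this hunk, so confirm it behaves like `htmlspecialchars($uri, ENT_QUOTES)`. The literal `'&query=1'` appended after the sanitized part is written straight into the attribute and should be `'&amp;query=1'` to keep the markup well-formed. A one-line comment above the statement, such as `// REQUEST_URI is client-controlled: escape it before echoing into the href`, would keep the reason for the call visible. The enclosing method starts and ends outside the hunk, so whether this debug block is reachable only in debug mode cannot be judged from here.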