--- includes/system_footer.php.orig Tue Jul 31 10:35:50 2007
+++ includes/system_footer.php Tue Jul 31 10:35:52 2007
@@ -29,7 +29,7 @@
if( ! $hide_picklist ) {
echo "<center>\n";
- $update_form = "<form method=\"POST\" action=\"" . $_SERVER['PHP_SELF'] . "\">\n" . "\t" . $text['template'] . ": \n" . "\t<select name=\"template\">\n";
+ $update_form = "<form method=\"POST\" action=\"" . htmlentities(strip_tags($_SERVER['PHP_SELF'])) . "\">\n" . "\t" . $text['template'] . ": \n" . "\t<select name=\"template\">\n";
$resDir = opendir( APP_ROOT . '/templates/' );
while( false !== ( $strFile = readdir( $resDir ) ) ) {
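Review bot: On the added `$update_form` line, `strip_tags()` adds nothing once `htmlentities()` runs and can silently rewrite a legitimate path, and `htmlentities()` is called without a flags or charset argument, so single quotes are left unescaped and the output depends on the PHP default encoding. The escaping is what protects the double-quoted `action` attribute here; I would make it explicit with `htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES)`. Since `PHP_SELF` includes any request-supplied trailing path info, `htmlspecialchars($_SERVER['SCRIPT_NAME'], ENT_QUOTES)` may be the better source for a self-posting form. The `if( ! $hide_picklist )` block and the `readdir()` loop continue past the hunk, so whether `$text['template']` and the template file names are escaped before they are echoed cannot be checked from here.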