Fix 2 cross site scripting problems.

2004-12-19 17:54:09 +00:00
parent 8d8c98bc46
commit ddbd9ed0cc
2 changed files with 2 additions and 2 deletions
--- a/account.php
+++ b/account.php
@@ -169,7 +169,7 @@ function cmd_send_passwd()
    }
    else
    {
-        addmsg("Sorry, that username (".$_POST['ext_username'].") does not exist.", "red");
+        addmsg("Sorry, that username (". urlencode($_POST['ext_username']) .") does not exist.", "red");
    }
    
    redirect(apidb_fullurl("account.php?cmd=login"));
--- a/search.php
+++ b/search.php
@@ -16,7 +16,7 @@ if(mysql_num_rows($result) == 0)
 {
 	// do something
 	echo html_frame_start("","98%");
-	echo "No matches found for ".$_REQUEST['q']."\n";
+	echo "No matches found for ". urlencode($_REQUEST['q']) .  "\n";
 	echo html_frame_end();
 }
 else