web: fix XSS vulnerability in team_member.php

David Anderson 2013-07-18 12:50:42 -07:00
parent afdfc215d7
commit 1117e03d54
1 changed files with 1 additions and 0 deletions


@ -24,6 +24,7 @@ check_get_args(array("sort_by", "offset", "teamid"));
if (isset($_GET["sort_by"])) { if (isset($_GET["sort_by"])) {
$sort_by = $_GET["sort_by"]; $sort_by = $_GET["sort_by"];
$sort_by = strip_tags($sort_by); // remove XSS nonsense
} else { } else {
$sort_by = "expavg_credit"; $sort_by = "expavg_credit";
} }
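Review bot: `strip_tags()` on the added line only removes tag-shaped markup; it leaves quotes, `&` and other characters in `$sort_by`, so the value is still unsafe if it is later written into an HTML attribute, a link URL or a query. Where `$sort_by` is used lies outside this hunk, so that exposure is inferred rather than visible here. Since the parameter selects a sort column, matching it against a fixed allow-list is a tighter fix than filtering, e.g. `if (!in_array($sort_by, $allowed_sort_columns, true)) { $sort_by = "expavg_credit"; }`, where `$allowed_sort_columns` is a constructed name for the list of columns the page supports. Any place that echoes the value should still escape it for its context with `htmlspecialchars($sort_by, ENT_QUOTES)`. The comment would also be more useful as `// sort_by is reflected in page output; restrict to known sort columns` than as "remove XSS nonsense".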