Revision 656
Added by thorn almost 17 years ago
view.php | ||
---|---|---|
167 | 167 |
if($query_extra != '') { |
168 | 168 |
?> |
169 | 169 |
<div class="selected_group_title"> |
170 |
<?php echo '<a href="'.$_SERVER['PHP_SELF'].'">'.PAGE_TITLE.'</a> >> '.$groups[$_GET['g']]['title']; ?>
|
|
170 |
<?php echo '<a href="'.htmlspecialchars(strip_tags($_SERVER['PHP_SELF'])).'">'.PAGE_TITLE.'</a> >> '.$groups[$_GET['g']]['title']; ?>
|
|
171 | 171 |
</div> |
172 | 172 |
<?php |
173 | 173 |
} |
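Review bot: On new line 170 the second half of the echo, `$groups[$_GET['g']]['title']`, is still written to the page unescaped, and `$_GET['g']` is used as an array key without checking that the entry exists. Where group titles come from is not visible in this section, but if they can contain user- or admin-entered text this leaves the same HTML-injection class that the commit closes for PHP_SELF. Consider `htmlspecialchars($groups[$_GET['g']]['title'], ENT_QUOTES)` behind an `isset($groups[$_GET['g']])` guard. For the link, `$_SERVER['SCRIPT_NAME']` would avoid the client-controlled path-info portion altogether. `strip_tags()` in front of `htmlspecialchars()` adds no protection and can silently alter a legitimate path.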
Added some missing add_slashes(), get_post_escaped(), and strip_tags() for $_POST, $_GET and $_REQUEST-data. Also for $_SERVER['PHP_SELF'].