From 4b735f6d8940f67d836c53c4362088dedb4d0e42 Mon Sep 17 00:00:00 2001
From: andrew
Date: Wed, 3 Mar 2004 14:41:07 +0000
Subject: [PATCH] Removed some more potential XSS problems.

---
 presentation/lookAndFeel/knowledgeTree/create.php | 2 +-
 presentation/lookAndFeel/knowledgeTree/store.php | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/presentation/lookAndFeel/knowledgeTree/create.php b/presentation/lookAndFeel/knowledgeTree/create.php
index cfdb4b4..e4cd407 100644
--- a/presentation/lookAndFeel/knowledgeTree/create.php
+++ b/presentation/lookAndFeel/knowledgeTree/create.php
@@ -98,7 +98,7 @@ if ($oObject->create()) {
 //redirect the user
 if (isset($fRedirectURL)) {
- redirect(urldecode($fRedirectURL) . $oObject->iId . "&fSuccess=" . $bSuccess);
+ redirect(strip_tags(urldecode($fRedirectURL)) . $oObject->iId . "&fSuccess=" . $bSuccess);
 } else {
 redirect("$default->rootUrl/control.php");
 }
diff --git a/presentation/lookAndFeel/knowledgeTree/store.php b/presentation/lookAndFeel/knowledgeTree/store.php
index aa8402a..ed24bf2 100644
--- a/presentation/lookAndFeel/knowledgeTree/store.php
+++ b/presentation/lookAndFeel/knowledgeTree/store.php
@@ -42,6 +42,6 @@ if (count($_POST) > 0) {
 $sql = $default->db;
 $sql->query($aQueries[$i]);
 }
- redirect(urldecode($fReturnURL));
+ redirect(strip_tags(urldecode($fReturnURL)));
 }
-?>
\ No newline at end of file
+?>
-- 
libgit2 0.21.4
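Review bot: Wrapping the decoded `$fRedirectURL` in `strip_tags()` on the added line in create.php does not constrain where the redirect goes; a redirect target needs no angle brackets to be harmful, so the value should be validated as a local path rather than tag-stripped, and the same applies to `$fReturnURL` in the store.php hunk. Since the target is appended to `$oObject->iId` and `"&fSuccess="` here, the caller evidently expects a relative, parameter-terminated URL, so rejecting anything with a scheme or host is consistent with the existing intent, e.g. `$aURL = parse_url(urldecode($fRedirectURL));` followed by `if (isset($aURL['scheme']) || isset($aURL['host'])) { redirect("$default->rootUrl/control.php"); }` before the existing `redirect(...)` call. The `redirect()` helper is defined outside this hunk; if it emits a `Location:` header directly, it would also be worth confirming there that the decoded string cannot carry a CR/LF into the header. The enclosing `if ($oObject->create())` block starts before the hunk.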