[kp380lv]

Potential dangerous XSS hole in simpaty.php

Find this:

Code:

<form action=\"" . $_SERVER["PHP_SELF"] . "?action=add&amp;" . ($resp_type == 1?'good':'bad') . "&amp;type=$type&amp;targetid=$targetid\" method=\"post\">

And replace with this:

Code:

<form action=\"" . $_SERVER["PHP_SELF"] . "?action=add&amp;" . ($resp_type == 1?'good':'bad') . "&amp;type=".htmlspecialchars($type)."&amp;targetid=$targetid\" method=\"post\">

Then in simpaty.php find this:

Code:

$type = $_GET['type'

And replace with:

Code:

$type = htmlentities($_GET['type']);

index.php - (Blind SQL Injection in index.php)

Find this:

Code:

$choice = $_POST["choice"];

Replace with:

Code:

$choice = (int) $_POST["choice"];

This list still be updated!!!