Changeset 1733
- Timestamp:
- 07/08/2008 08:28:09 PM (5 months ago)
- Files:
-
- trunk/admin/blog.func.php (modified) (2 diffs)
trunk/admin/blog.func.php
r1731 r1733 317 317 if(strpos($url, "?") === false) $url .= "?"; 318 318 else $url .= "&"; 319 $url .= session_name() . "=" . session_id();319 $url .= session_name() . "=" . htmlspecialchars(session_id()); 320 320 } 321 321 return $url; … … 327 327 function add_session_id_input_tag() { 328 328 if(empty($_COOKIE[session_name()])) { 329 return "<input type='hidden' name='" . session_name() . "' value='" . session_id() . "' />";329 return "<input type='hidden' name='" . session_name() . "' value='" . htmlspecialchars(session_id()) . "' />"; 330 330 } 331 331 }
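Review bot: In add_session_id_input_tag() (new line 329) the value attribute is delimited by single quotes, but `htmlspecialchars(session_id())` is called without a flags argument, and the default before PHP 8.1 (ENT_COMPAT) leaves `'` unescaped, so the escaping does not cover the character that closes the attribute; `htmlspecialchars(session_id(), ENT_QUOTES)` would. `session_name()` is written into the name attribute on the same line with no escaping at all. At new line 319 the value is appended to a query string, where HTML escaping is the wrong encoding: `$url .= rawurlencode(session_name()) . "=" . rawurlencode(session_id());` fits that context, with HTML escaping applied at the point where the URL is finally printed. The function around lines 317–321 starts outside the visible hunk, so whether its return value ends up in markup or in a redirect header cannot be confirmed from here.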
