From 68224af8dd078754237cdd4db0fc187be8f96170 Mon Sep 17 00:00:00 2001
From: "Jehan-Guillaume (ioguix) de Rorthais"
Date: Mon, 27 Feb 2012 23:45:55 +0100
Subject: [PATCH] Fix XSS in function.php, reported by Mateusz Goik.

I'm not sure why the name and the type the functions were not escaped *on purpose* here. There's no more reason here than in any other place with other PostgreSQL objects to not escape the name or the type...
---
 functions.php | 2 --
 1 file changed, 2 deletions(-)

diff --git a/functions.php b/functions.php
index c1099eaf..a94d4b1d 100644
--- a/functions.php
+++ b/functions.php
@@ -773,14 +773,12 @@
 'function' => array(
 'title' => $lang['strfunction'],
 'field' => field('proproto'),
- 'type' => 'verbatim',
 'url' => "redirect.php?subject=function&action=properties&{$misc->href}&",
 'vars' => array('function' => 'proproto', 'function_oid' => 'prooid'),
 ),
 'returns' => array(
 'title' => $lang['strreturns'],
 'field' => field('proreturns'),
- 'type' => 'verbatim',
 ),
 'owner' => array(
 'title' => $lang['strowner'],
-- 
2.39.5