On Thu, 27 Apr 2017 at 20:12:19, Lukas Fleischer wrote: > This allows for adding Terms of Service documents to the database that > registered users need to accept before using the AUR. A revision field > can be used to indicate whether a document was updated. If it is > increased, all users are again asked to accept the new terms. > > Signed-off-by: Lukas Fleischer <[email protected]> > --- > schema/aur-schema.sql | 20 +++++++++++++ > upgrading/4.6.0.txt | 20 +++++++++++++ > web/html/tos.php | 50 ++++++++++++++++++++++++++++++++ > web/lib/acctfuncs.inc.php | 74 > +++++++++++++++++++++++++++++++++++++++++++++++ > web/lib/aur.inc.php | 23 +++++++++++++++ > web/lib/routing.inc.php | 1 + > 6 files changed, 188 insertions(+) > create mode 100644 web/html/tos.php > [...] > diff --git a/web/html/tos.php b/web/html/tos.php > new file mode 100644 > index 0000000..135fa1e > --- /dev/null > +++ b/web/html/tos.php > [...] > + <ul> > + <?php foreach($terms as $row): ?> > + <li><a href="<?= > urlencode(sprintf($row["URL"], $row["Revision"])) ?>"><?= > htmlspecialchars($row["Description"]) ?></a> (<?= __('revision %d', > $row["Revision"]) ?>)</li> > [...]
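Review bot: in the `<li>` line of web/html/tos.php, `urlencode()` is applied to the whole string returned by `sprintf($row["URL"], $row["Revision"])`. That percent-encodes the `:` and `/` of an absolute URL, so the resulting href no longer points at the document. The value sits inside a double-quoted HTML attribute, so what it needs is HTML escaping, as already done for `$row["Description"]` on the same line: `htmlspecialchars(sprintf($row["URL"], $row["Revision"]), ENT_QUOTES)`. Separately, `$row["URL"]` is used as the `sprintf()` format string, so a literal `%` in a stored URL (for example an already percent-encoded path) would be read as a conversion specifier. Please document next to the schema or in upgrading/4.6.0.txt that the URL column is a format string and that a literal `%` must be written as `%%`.
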
The urlencode() call should be replaced by htmlspecialchars() with ENT_QUOTES here. I fixed this on the pu branch.
