/[smecontribs]/rpms/phpldapadmin/contribs9/phpldapadmin-1.2.3-entry_chooser.patch
ViewVC logotype

Annotation of /rpms/phpldapadmin/contribs9/phpldapadmin-1.2.3-entry_chooser.patch

Parent Directory Parent Directory | Revision Log Revision Log | View Revision Graph Revision Graph


Revision 1.1 - (hide annotations) (download)
Thu Nov 15 14:19:24 2018 UTC (6 years ago) by jcrisp
Branch: MAIN
CVS Tags: phpldapadmin-1_2_3-10_el6, phpldapadmin-1_2_3-11_el6_sme, HEAD
Initial import

1 jcrisp 1.1 Description: Fix multiple Cross-Site Scripting vulnerabilities in file htdocs/entry_chooser.php.
2     Author: Ismail Belkacim <xd4rker@gmail.com>
3     Bug-Ubuntu: https://bugs.launchpad.net/bugs/1701731
4     ---
5     This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
6     Index: phpldapadmin-1.2.2/htdocs/entry_chooser.php
7     ===================================================================
8     --- phpldapadmin-1.2.2.orig/htdocs/entry_chooser.php
9     +++ phpldapadmin-1.2.2/htdocs/entry_chooser.php
10     @@ -15,9 +15,9 @@ $www['page'] = new page();
11    
12     $request = array();
13     $request['container'] = get_request('container','GET');
14     -$request['form'] = get_request('form','GET');
15     -$request['element'] = get_request('element','GET');
16     -$request['rdn'] = get_request('rdn','GET');
17     +$request['form'] = htmlspecialchars(addslashes(get_request('form','GET')));
18     +$request['element'] = htmlspecialchars(addslashes(get_request('element','GET')));
19     +$request['rdn'] = htmlspecialchars(addslashes(get_request('rdn','GET')));
20    
21     echo '<div class="popup">';
22     printf('<h3 class="subtitle">%s</h3>',_('Entry Chooser'));
23     @@ -33,7 +33,7 @@ echo '</script>';
24     echo '<table class="forminput" width="100%" border="0">';
25     if ($request['container']) {
26     printf('<tr><td class="heading" colspan="3">%s:</td><td>%s</td></tr>',_('Server'),$app['server']->getName());
27     - printf('<tr><td class="heading" colspan="3">%s:</td><td>%s</td></tr>',_('Looking in'),$request['container']);
28     + printf('<tr><td class="heading" colspan="3">%s:</td><td>%s</td></tr>',_('Looking in'),htmlspecialchars($request['container']));
29     echo '<tr><td class="blank" colspan="4">&nbsp;</td></tr>';
30     }
31    

admin@koozali.org
ViewVC Help
Powered by ViewVC 1.2.1 RSS 2.0 feed