/[smecontribs]/rpms/phpldapadmin/contribs9/phpldapadmin-1.2.3-entry_chooser.patch
ViewVC logotype

Contents of /rpms/phpldapadmin/contribs9/phpldapadmin-1.2.3-entry_chooser.patch

Parent Directory Parent Directory | Revision Log Revision Log | View Revision Graph Revision Graph


Revision 1.1 - (show annotations) (download)
Thu Nov 15 14:19:24 2018 UTC (5 years, 11 months ago) by jcrisp
Branch: MAIN
CVS Tags: phpldapadmin-1_2_3-10_el6, phpldapadmin-1_2_3-11_el6_sme, HEAD
Error occurred while calculating annotation data.
Initial import

1 Description: Fix multiple Cross-Site Scripting vulnerabilities in file htdocs/entry_chooser.php.
2 Author: Ismail Belkacim <xd4rker@gmail.com>
3 Bug-Ubuntu: https://bugs.launchpad.net/bugs/1701731
4 ---
5 This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
6 Index: phpldapadmin-1.2.2/htdocs/entry_chooser.php
7 ===================================================================
8 --- phpldapadmin-1.2.2.orig/htdocs/entry_chooser.php
9 +++ phpldapadmin-1.2.2/htdocs/entry_chooser.php
10 @@ -15,9 +15,9 @@ $www['page'] = new page();
11
12 $request = array();
13 $request['container'] = get_request('container','GET');
14 -$request['form'] = get_request('form','GET');
15 -$request['element'] = get_request('element','GET');
16 -$request['rdn'] = get_request('rdn','GET');
17 +$request['form'] = htmlspecialchars(addslashes(get_request('form','GET')));
18 +$request['element'] = htmlspecialchars(addslashes(get_request('element','GET')));
19 +$request['rdn'] = htmlspecialchars(addslashes(get_request('rdn','GET')));
20
21 echo '<div class="popup">';
22 printf('<h3 class="subtitle">%s</h3>',_('Entry Chooser'));
23 @@ -33,7 +33,7 @@ echo '</script>';
24 echo '<table class="forminput" width="100%" border="0">';
25 if ($request['container']) {
26 printf('<tr><td class="heading" colspan="3">%s:</td><td>%s</td></tr>',_('Server'),$app['server']->getName());
27 - printf('<tr><td class="heading" colspan="3">%s:</td><td>%s</td></tr>',_('Looking in'),$request['container']);
28 + printf('<tr><td class="heading" colspan="3">%s:</td><td>%s</td></tr>',_('Looking in'),htmlspecialchars($request['container']));
29 echo '<tr><td class="blank" colspan="4">&nbsp;</td></tr>';
30 }
31

admin@koozali.org
ViewVC Help
Powered by ViewVC 1.2.1 RSS 2.0 feed