phpldapadmin/contribs9/phpldapadmin-1.2.3-entry_chooser.patch

Description: Fix multiple Cross-Site Scripting vulnerabilities in file htdocs/entry_chooser.php.
Author: Ismail Belkacim <xd4rker@gmail.com>
Bug-Ubuntu: https://bugs.launchpad.net/bugs/1701731
---
This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
Index: phpldapadmin-1.2.2/htdocs/entry_chooser.php
===================================================================
--- phpldapadmin-1.2.2.orig/htdocs/entry_chooser.php
+++ phpldapadmin-1.2.2/htdocs/entry_chooser.php
@@ -15,9 +15,9 @@ $www['page'] = new page();
 
 $request = array();
 $request['container'] = get_request('container','GET');
-$request['form'] = get_request('form','GET');
-$request['element'] = get_request('element','GET');
-$request['rdn'] = get_request('rdn','GET');
+$request['form'] = htmlspecialchars(addslashes(get_request('form','GET')));
+$request['element'] = htmlspecialchars(addslashes(get_request('element','GET')));
+$request['rdn'] = htmlspecialchars(addslashes(get_request('rdn','GET')));
 
 echo '<div class="popup">';
 printf('<h3 class="subtitle">%s</h3>',_('Entry Chooser'));
@@ -33,7 +33,7 @@ echo '</script>';
 echo '<table class="forminput" width="100%" border="0">';
 if ($request['container']) {
        printf('<tr><td class="heading" colspan="3">%s:</td><td>%s</td></tr>',_('Server'),$app['server']->getName());
-       printf('<tr><td class="heading" colspan="3">%s:</td><td>%s</td></tr>',_('Looking in'),$request['container']);
+       printf('<tr><td class="heading" colspan="3">%s:</td><td>%s</td></tr>',_('Looking in'),htmlspecialchars($request['container']));
        echo '<tr><td class="blank" colspan="4">&nbsp;</td></tr>';
 }
 
1	jcrisp	1.1	Description: Fix multiple Cross-Site Scripting vulnerabilities in file htdocs/entry_chooser.php.
2			Author: Ismail Belkacim <xd4rker@gmail.com>
3			Bug-Ubuntu: https://bugs.launchpad.net/bugs/1701731
4			---
5			This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
6			Index: phpldapadmin-1.2.2/htdocs/entry_chooser.php
7			===================================================================
8			--- phpldapadmin-1.2.2.orig/htdocs/entry_chooser.php
9			+++ phpldapadmin-1.2.2/htdocs/entry_chooser.php
10			@@ -15,9 +15,9 @@ $www['page'] = new page();
11
12			$request = array();
13			$request['container'] = get_request('container','GET');
14			-$request['form'] = get_request('form','GET');
15			-$request['element'] = get_request('element','GET');
16			-$request['rdn'] = get_request('rdn','GET');
17			+$request['form'] = htmlspecialchars(addslashes(get_request('form','GET')));
18			+$request['element'] = htmlspecialchars(addslashes(get_request('element','GET')));
19			+$request['rdn'] = htmlspecialchars(addslashes(get_request('rdn','GET')));
20
21			echo '<div class="popup">';
22			printf('<h3 class="subtitle">%s</h3>',_('Entry Chooser'));
23			@@ -33,7 +33,7 @@ echo '</script>';
24			echo '<table class="forminput" width="100%" border="0">';
25			if ($request['container']) {
26			printf('<tr><td class="heading" colspan="3">%s:</td><td>%s</td></tr>',_('Server'),$app['server']->getName());
27			- printf('<tr><td class="heading" colspan="3">%s:</td><td>%s</td></tr>',_('Looking in'),$request['container']);
28			+ printf('<tr><td class="heading" colspan="3">%s:</td><td>%s</td></tr>',_('Looking in'),htmlspecialchars($request['container']));
29			echo '<tr><td class="blank" colspan="4"> </td></tr>';
30			}
31