File phpldapadmin-1.2.3-entry_chooser.patch of Package phpldapadmin
Description: Fix multiple Cross-Site Scripting vulnerabilities in file htdocs/entry_chooser.php. Author: Ismail Belkacim <xd4rker@gmail.com> Bug-Ubuntu: https://bugs.launchpad.net/bugs/1701731 --- This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ Index: phpldapadmin-1.2.2/htdocs/entry_chooser.php =================================================================== --- phpldapadmin-1.2.2.orig/htdocs/entry_chooser.php +++ phpldapadmin-1.2.2/htdocs/entry_chooser.php @@ -15,9 +15,9 @@ $www['page'] = new page(); $request = array(); $request['container'] = get_request('container','GET'); -$request['form'] = get_request('form','GET'); -$request['element'] = get_request('element','GET'); -$request['rdn'] = get_request('rdn','GET'); +$request['form'] = htmlspecialchars(addslashes(get_request('form','GET'))); +$request['element'] = htmlspecialchars(addslashes(get_request('element','GET'))); +$request['rdn'] = htmlspecialchars(addslashes(get_request('rdn','GET'))); echo '<div class="popup">'; printf('<h3 class="subtitle">%s</h3>',_('Entry Chooser')); @@ -33,7 +33,7 @@ echo '</script>'; echo '<table class="forminput" width="100%" border="0">'; if ($request['container']) { printf('<tr><td class="heading" colspan="3">%s:</td><td>%s</td></tr>',_('Server'),$app['server']->getName()); - printf('<tr><td class="heading" colspan="3">%s:</td><td>%s</td></tr>',_('Looking in'),$request['container']); + printf('<tr><td class="heading" colspan="3">%s:</td><td>%s</td></tr>',_('Looking in'),htmlspecialchars($request['container'])); echo '<tr><td class="blank" colspan="4"> </td></tr>'; }
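Review bot: In the first hunk, the three assignments for form, element and rdn encode the values where they are read, not where they are written out, and they stack addslashes() under htmlspecialchars(). Every later use therefore gets the same HTML-plus-backslash form, whether it lands in HTML text, in an attribute, or inside the script block whose closing echo '</script>'; appears in the second hunk's context. addslashes() is not a JavaScript string encoder, and htmlspecialchars() called without ENT_QUOTES leaves single quotes unencoded on PHP versions before 8.1. Suggest keeping $request['form'], $request['element'] and $request['rdn'] raw and encoding at each output site for its context: json_encode() with JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT for values written into JavaScript, and htmlspecialchars($value, ENT_QUOTES, 'UTF-8') for values written into HTML. Separately, the Index: and ---/+++ lines name phpldapadmin-1.2.2 while the patch file is named for 1.2.3, so it is worth confirming the hunks apply cleanly to the packaged source.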
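Review bot: In the second hunk, container is encoded only at the single 'Looking in' printf, so $request['container'] itself stays raw and any other place in entry_chooser.php that writes it out needs the same treatment; this patch does not show whether such places exist. The call also relies on the default flags and charset of htmlspecialchars(); passing ENT_QUOTES and 'UTF-8' explicitly would make the behaviour the same across PHP versions. The unchanged 'Server' row directly above prints $app['server']->getName() through the same %s without encoding, so if that name can contain markup it should go through htmlspecialchars() as well.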