SF Bug #2969826 - XSS found in cmd.php

Deon George
2010-03-14 23:48:40 +11:00
parent 7b4d11f1f5
commit 0f782569e9
4 changed files with 4 additions and 4 deletions


@@ -53,7 +53,7 @@ if (trim($www['cmd'])) {
# If this command has been disabled by the config.
if (! $_SESSION[APPCONFIG]->isCommandAvailable('script',$www['cmd'])) {
system_message(array('title'=>_('Command disabled by the server configuration'),
_('Error'),'body'=>sprintf('%s: <b>%s</b>.',_('The command could not be run'),$www['cmd']),'type'=>'error'),'index.php');
_('Error'),'body'=>sprintf('%s: <b>%s</b>.',_('The command could not be run'),htmlspecialchars($www['cmd'])),'type'=>'error'),'index.php');
$app['script_cmd'] = null;
}
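Review bot: The escape added on the new `sprintf` line relies on the defaults of htmlspecialchars(), which escape double quotes only and use a charset that depends on the PHP version. In this element-body position between `<b>` tags that is enough to stop tag injection. Stating the flags and encoding would keep the output safe if the string is later reused inside an attribute: `htmlspecialchars($www['cmd'],ENT_QUOTES,'UTF-8')` (this assumes the page is served as UTF-8, which is not visible here). Because the 'body' string carries markup, system_message() presumably emits it as raw HTML, so any other request-derived value placed into a 'body' needs the same escaping at its call site. The enclosing `if (trim($www['cmd']))` block starts and ends outside the hunk.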