Fix multiple XSS in file htdocs/entry_chooser.php (CVE-2017-11107)
Closes: #50 From: Ismail Belkacim <xd4rker@gmail.com>
parent
733a10a1c5
commit
4484129a41
@ -15,9 +15,9 @@ $www['page'] = new page();
|
|||||||
|
|
||||||
$request = array();
|
$request = array();
|
||||||
$request['container'] = get_request('container','GET');
|
$request['container'] = get_request('container','GET');
|
||||||
$request['form'] = get_request('form','GET');
|
$request['form'] = htmlspecialchars(addslashes(get_request('form','GET')));
|
||||||
$request['element'] = get_request('element','GET');
|
$request['element'] = htmlspecialchars(addslashes(get_request('element','GET')));
|
||||||
$request['rdn'] = get_request('rdn','GET');
|
$request['rdn'] = htmlspecialchars(addslashes(get_request('rdn','GET')));
|
||||||
|
|
||||||
echo '<div class="popup">';
|
echo '<div class="popup">';
|
||||||
printf('<h3 class="subtitle">%s</h3>',_('Entry Chooser'));
|
printf('<h3 class="subtitle">%s</h3>',_('Entry Chooser'));
|
||||||
@ -33,7 +33,7 @@ echo '</script>';
|
|||||||
echo '<table class="forminput" width="100%" border="0">';
|
echo '<table class="forminput" width="100%" border="0">';
|
||||||
if ($request['container']) {
|
if ($request['container']) {
|
||||||
printf('<tr><td class="heading" colspan="3">%s:</td><td>%s</td></tr>',_('Server'),$app['server']->getName());
|
printf('<tr><td class="heading" colspan="3">%s:</td><td>%s</td></tr>',_('Server'),$app['server']->getName());
|
||||||
printf('<tr><td class="heading" colspan="3">%s:</td><td>%s</td></tr>',_('Looking in'),$request['container']);
|
printf('<tr><td class="heading" colspan="3">%s:</td><td>%s</td></tr>',_('Looking in'),htmlspecialchars($request['container']));
|
||||||
echo '<tr><td class="blank" colspan="4"> </td></tr>';
|
echo '<tr><td class="blank" colspan="4"> </td></tr>';
|
||||||
}
|
}
|
||||||
|
|
||||||
|
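Review bot: The new assignments to `$request['form']`, `$request['element']` and `$request['rdn']` escape once at input with `htmlspecialchars(addslashes(...))`, so the encoding is not tied to the context where each value is finally printed. The second hunk's header shows `echo '</script>';` just above it, so these values are presumably written into a JavaScript block outside both hunks; there HTML entities are not decoded and `addslashes` leaves line breaks untouched, so the pair is not a JavaScript string encoder. I would keep the raw value, `$request['form'] = get_request('form','GET');`, and encode at each sink: `json_encode($request['form'], JSON_HEX_TAG|JSON_HEX_AMP|JSON_HEX_APOS|JSON_HEX_QUOT)` (which emits the quoted literal itself) in script context, and `htmlspecialchars($value, ENT_QUOTES, 'UTF-8')` in HTML. The `container` fix in the second hunk already encodes at output, but without `ENT_QUOTES`, so on PHP older than 8.1 single quotes pass through unencoded. Any other place in the file that prints `$request['container']` lies outside the hunks and should be checked for the same treatment.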