SF Bug #3497660 - XSS flaws via 'export', 'add_value_form' and 'dn' variables

2012-09-03 07:16:34 +10:00
parent 88d41216f9
commit 74434e5ca3
3 changed files with 11 additions and 11 deletions
--- a/htdocs/add_value_form.php
+++ b/htdocs/add_value_form.php
@@ -34,7 +34,7 @@ if ($request['attribute']->isReadOnly())
 # Render the form
 if (! strcasecmp($request['attr'],'objectclass') || get_request('meth','REQUEST') != 'ajax') {
 	# Render the form.
-	$request['page']->drawTitle(sprintf('%s <b>%s</b> %s <b>%s</b>',_('Add new'),$request['attr'],_('value to'),get_rdn($request['dn'])));
+	$request['page']->drawTitle(sprintf('%s <b>%s</b> %s <b>%s</b>',_('Add new'),htmlspecialchars($request['attr']),_('value to'),htmlspecialchars(get_rdn($request['dn']))));
 	$request['page']->drawSubTitle();

 	if (! strcasecmp($request['attr'],'objectclass')) {