SF Bug #3497660 - XSS flaws via 'export', 'add_value_form' and 'dn' variables

2012-09-03 07:16:34 +10:00
parent 88d41216f9
commit 74434e5ca3
3 changed files with 11 additions and 11 deletions
--- a/htdocs/export.php
+++ b/htdocs/export.php
@@ -29,12 +29,12 @@ if ($request['file']) {

 	header('Content-type: application/download');
 	header(sprintf('Content-Disposition: inline; filename="%s.%s"','export',$types['extension'].($request['export']->isCompressed() ? '.gz' : '')));
-	$request['export']->export();
+	echo $request['export']->export();
 	die();

 } else {
 	print '<span style="font-size: 14px; font-family: courier;"><pre>';
-	$request['export']->export();
+	echo htmlspecialchars($request['export']->export());
 	print '</pre></span>';
 }
 ?>