SF Bug #3497660 - XSS flaws via 'export', 'add_value_form' and 'dn' variables

2012-09-03 07:16:34 +10:00
parent 88d41216f9
commit 74434e5ca3
3 changed files with 11 additions and 11 deletions
--- a/lib/export_functions.php
+++ b/lib/export_functions.php
@@ -324,9 +324,9 @@ class ExportCSV extends Export {
 		}

 		if ($this->compress)
-			echo gzencode($output);
+			return gzencode($output);
 		else
-			echo $output;
+			return $output;
 	}

 	/**
@@ -428,9 +428,9 @@ class ExportDSML extends Export {
 		$output .= sprintf('</dsml>%s',$this->br);

 		if ($this->compress)
-			echo gzencode($output);
+			return gzencode($output);
 		else
-			echo $output;
+			return $output;
 	}
 }

@@ -506,9 +506,9 @@ class ExportLDIF extends Export {
 		}

 		if ($this->compress)
-			echo gzencode($output);
+			return gzencode($output);
 		else
-			echo $output;
+			return $output;
 	}

 	/**
@@ -633,9 +633,9 @@ class ExportVCARD extends Export {
 		}

 		if ($this->compress)
-			echo gzencode($output);
+			return gzencode($output);
 		else
-			echo $output;
+			return $output;
 	}
 }
 ?>