From 7dc8d57d6952fe681cb9e8818df7f103220457bd Mon Sep 17 00:00:00 2001 From: Deon George Date: Tue, 24 Jan 2012 12:37:28 +1100 Subject: [PATCH] SF Bug #3477910 - XSS vulnerability in query --- lib/QueryRender.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/QueryRender.php b/lib/QueryRender.php index 291ec40..685f3ba 100644 --- a/lib/QueryRender.php +++ b/lib/QueryRender.php @@ -497,7 +497,7 @@ class QueryRender extends PageRender { $this->getAjaxRef($base), $this->getAjaxRef($base), ($show == $this->getAjaxRef($base) ? '#F0F0F0' : '#E0E0E0'), - $base); + htmlspecialchars($base)); } echo ''; echo ''; @@ -545,7 +545,7 @@ class QueryRender extends PageRender { echo ' ]'; echo '
'; - printf('%s: %s',_('Base DN'),$base); + printf('%s: %s',_('Base DN'),htmlspecialchars($base)); echo '
'; printf('%s: %s',_('Filter performed'),htmlspecialchars($this->template->resultsdata[$base]['filter']));