mirror of
https://gitlab.alpinelinux.org/alpine/aports.git
synced 2025-08-05 13:27:09 +02:00
32 lines
1.6 KiB
Diff
32 lines
1.6 KiB
Diff
Description: Fix multiple Cross-Site Scripting vulnerabilities in file htdocs/entry_chooser.php.
|
|
Author: Ismail Belkacim <xd4rker@gmail.com>
|
|
Bug-Ubuntu: https://bugs.launchpad.net/bugs/1701731
|
|
---
|
|
This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
|
|
Index: phpldapadmin-1.2.2/htdocs/entry_chooser.php
|
|
===================================================================
|
|
--- phpldapadmin-1.2.2.orig/htdocs/entry_chooser.php
|
|
+++ phpldapadmin-1.2.2/htdocs/entry_chooser.php
|
|
@@ -15,9 +15,9 @@ $www['page'] = new page();
|
|
|
|
$request = array();
|
|
$request['container'] = get_request('container','GET');
|
|
-$request['form'] = get_request('form','GET');
|
|
-$request['element'] = get_request('element','GET');
|
|
-$request['rdn'] = get_request('rdn','GET');
|
|
+$request['form'] = htmlspecialchars(addslashes(get_request('form','GET')));
|
|
+$request['element'] = htmlspecialchars(addslashes(get_request('element','GET')));
|
|
+$request['rdn'] = htmlspecialchars(addslashes(get_request('rdn','GET')));
|
|
|
|
echo '<div class="popup">';
|
|
printf('<h3 class="subtitle">%s</h3>',_('Entry Chooser'));
|
|
@@ -33,7 +33,7 @@ echo '</script>';
|
|
echo '<table class="forminput" width="100%" border="0">';
|
|
if ($request['container']) {
|
|
printf('<tr><td class="heading" colspan="3">%s:</td><td>%s</td></tr>',_('Server'),$app['server']->getName());
|
|
- printf('<tr><td class="heading" colspan="3">%s:</td><td>%s</td></tr>',_('Looking in'),$request['container']);
|
|
+ printf('<tr><td class="heading" colspan="3">%s:</td><td>%s</td></tr>',_('Looking in'),htmlspecialchars($request['container']));
|
|
echo '<tr><td class="blank" colspan="4"> </td></tr>';
|
|
}
|
|
|