
github.com/phpmyadmin/phpmyadmin.git - Unnamed repository; edit this file 'description' to name the repository.
authorSebastian Mendel <cybot_tm@users.sourceforge.net>2007-10-10 11:30:59 +0400
committerSebastian Mendel <cybot_tm@users.sourceforge.net>2007-10-10 11:30:59 +0400
commit75a9c288070d10ab0ef8de169b5befe0846f1e10 (patch)
treef35910dd6488d4399af4b707a6331662f78aadbc /scripts
parenta915e18bd135d33fef155bd7f693b2e4ef7b7850 (diff)
fixed bug #1810629 XSS in setup.php
Diffstat (limited to 'scripts')
-rw-r--r--scripts/setup.php5
1 files changed, 4 insertions, 1 deletions
diff --git a/scripts/setup.php b/scripts/setup.php
index 4fe4971544..ee723523d4 100644
--- a/scripts/setup.php
+++ b/scripts/setup.php
@@ -1951,7 +1951,10 @@ switch ($action) {
if (empty($_SERVER['REQUEST_URI']) || empty($_SERVER['HTTP_HOST'])) {
$redir = '';
} else {
- $redir = ' If your server is also configured to accept HTTPS request follow <a href="https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'] . '">this link</a> to use secure connection.';
+ $redir = ' If your server is also configured to accept HTTPS request'
+ . ' follow <a href="https://'
+ . htmlspecialchars($_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'])
+ . '">this link</a> to use secure connection.';
}
message('warning', 'You are not using secure connection, all data (including sensitive, like passwords) are transfered unencrypted!' . $redir, 'Not secure connection');
}
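Review bot: The new `htmlspecialchars()` call in the `$redir` assignment relies on the default flags, which escape double quotes but not single quotes, so it is sufficient only because the `href` attribute is double-quoted. Passing the flag explicitly, `htmlspecialchars($_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'], ENT_QUOTES)`, keeps the escaping correct if the markup's quoting ever changes. `$redir` is then concatenated into the text passed to `message()`, which presumably emits that argument as raw HTML (its definition is not in this hunk), so a comment such as `// $redir is HTML: Host header and request URI are client-controlled and escaped here` would record why the escaping has to happen at this point. The enclosing `switch ($action)` starts and ends outside the hunk.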