author | Sebastian Mendel <cybot_tm@users.sourceforge.net> | 2007-10-10 11:30:59 +0400 |
---|---|---|
committer | Sebastian Mendel <cybot_tm@users.sourceforge.net> | 2007-10-10 11:30:59 +0400 |
commit | 75a9c288070d10ab0ef8de169b5befe0846f1e10 (patch) | |
tree | f35910dd6488d4399af4b707a6331662f78aadbc /scripts | |
parent | a915e18bd135d33fef155bd7f693b2e4ef7b7850 (diff) |
fixed bug #1810629 XSS in setup.php
Diffstat (limited to 'scripts')
-rw-r--r-- | scripts/setup.php | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/scripts/setup.php b/scripts/setup.php
index 4fe4971544..ee723523d4 100644
--- a/scripts/setup.php
+++ b/scripts/setup.php
@@ -1951,7 +1951,10 @@ switch ($action) {
 if (empty($_SERVER['REQUEST_URI']) || empty($_SERVER['HTTP_HOST'])) {
 $redir = '';
 } else {
- $redir = ' If your server is also configured to accept HTTPS request follow <a href="https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'] . '">this link</a> to use secure connection.';
+ $redir = ' If your server is also configured to accept HTTPS request'
+ . ' follow <a href="https://'
+ . htmlspecialchars($_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'])
+ . '">this link</a> to use secure connection.';
 }
 message('warning', 'You are not using secure connection, all data (including sensitive, like passwords) are transfered unencrypted!' . $redir, 'Not secure connection');
 } |
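Review bot: The added `htmlspecialchars(...)` call relies on the default flags, which on PHP versions before 8.1 escape `"` but leave `'` untouched. That is enough for the double-quoted `href` on these lines, but it only holds while the attribute quoting stays as it is; passing the flag explicitly, `. htmlspecialchars($_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'], ENT_QUOTES)`, removes that dependency. Separately, `$_SERVER['HTTP_HOST']` is taken from the request and the `empty()` guard above checks presence only, so the link target still follows whatever Host header was sent. If the setup script has a configured or validated server name available, that would be a safer source for the host part. The enclosing `switch ($action)` case starts and ends outside this hunk, so how `message()` treats its second argument is not visible here.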