[security] Fixed XSS in setup (host parameter), see PMASA-2011-16RELEASE_3_4_6RC1

author: Dieter Adriaenssens <ruleant@users.sourceforge.net> 2011-10-04 21:15:19 +0400
committer: Dieter Adriaenssens <ruleant@users.sourceforge.net> 2011-10-04 21:15:19 +0400
commit: ca597dc423f3eebcca95ff33b088a03e39109115 (patch)
tree: bf754ff342587baa2ee2083a1a54f04b15583a94 /setup
parent: 1af420e22367ae72ff4091adb1620e59ddad5ba6 (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/setup/frames/servers.inc.php b/setup/frames/servers.inc.php
index 081c416ecb..8d04966588 100644
--- a/setup/frames/servers.inc.php
+++ b/setup/frames/servers.inc.php
@@ -26,7 +26,7 @@ $server_exists = !empty($id) && $cf->get("Servers/$id") !== null;
 
 if ($mode == 'edit' && $server_exists) {
     $page_title = __('Edit server')
-        . ' ' . $id . ' <small>(' . $cf->getServerDSN($id) . ')</small>';
+        . ' ' . $id . ' <small>(' . htmlspecialchars($cf->getServerDSN($id)) . ')</small>';
 } elseif ($mode == 'remove' && $server_exists) {
     $cf->removeServer($id);
     header('Location: index.php');
@@ -45,4 +45,4 @@ foreach ($forms['Servers'] as $form_name => $form) {
     $form_display->registerForm($form_name, $form, $id);
 }
 process_formset($form_display);
-?>
-\ No newline at end of file
+?>
author	Dieter Adriaenssens <ruleant@users.sourceforge.net>	2011-10-04 21:15:19 +0400
committer	Dieter Adriaenssens <ruleant@users.sourceforge.net>	2011-10-04 21:15:19 +0400
commit	ca597dc423f3eebcca95ff33b088a03e39109115 (patch)
tree	bf754ff342587baa2ee2083a1a54f04b15583a94 /setup
parent	1af420e22367ae72ff4091adb1620e59ddad5ba6 (diff)