diff options
author | Dieter Adriaenssens <ruleant@users.sourceforge.net> | 2011-10-04 21:15:19 +0400 |
---|---|---|
committer | Dieter Adriaenssens <ruleant@users.sourceforge.net> | 2011-10-04 21:15:19 +0400 |
commit | ca597dc423f3eebcca95ff33b088a03e39109115 (patch) | |
tree | bf754ff342587baa2ee2083a1a54f04b15583a94 /setup | |
parent | 1af420e22367ae72ff4091adb1620e59ddad5ba6 (diff) |
[security] Fixed XSS in setup (host parameter), see PMASA-2011-16RELEASE_3_4_6RC1
Diffstat (limited to 'setup')
-rw-r--r-- | setup/frames/servers.inc.php | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/setup/frames/servers.inc.php b/setup/frames/servers.inc.php index 081c416ecb..8d04966588 100644 --- a/setup/frames/servers.inc.php +++ b/setup/frames/servers.inc.php @@ -26,7 +26,7 @@ $server_exists = !empty($id) && $cf->get("Servers/$id") !== null; if ($mode == 'edit' && $server_exists) { $page_title = __('Edit server') - . ' ' . $id . ' <small>(' . $cf->getServerDSN($id) . ')</small>'; + . ' ' . $id . ' <small>(' . htmlspecialchars($cf->getServerDSN($id)) . ')</small>'; } elseif ($mode == 'remove' && $server_exists) { $cf->removeServer($id); header('Location: index.php'); @@ -45,4 +45,4 @@ foreach ($forms['Servers'] as $form_name => $form) { $form_display->registerForm($form_name, $form, $id); } process_formset($form_display); -?>
\ No newline at end of file +?> |