cpet/openbsd-ports
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
a19a62aa58
openbsd-ports/www/phpldapadmin/patches/patch-lib_QueryRender_php
ajacoutot d5be9e9c84 Add a patch from upstream to fix: 
phpLDAPadmin "base" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/47852/

ok sthen@
2012-02-03 07:48:41 +00:00

27 lines
1.1 KiB
Plaintext
Raw Blame History

$OpenBSD: patch-lib_QueryRender_php,v 1.1 2012/02/03 07:48:41 ajacoutot Exp $
phpLDAPadmin "base" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/47852/
upstream: http://phpldapadmin.git.sourceforge.net/git/gitweb.cgi?p=phpldapadmin/phpldapadmin;a=commit;h=7dc8d57d6952fe681cb9e8818df7f103220457bd
--- lib/QueryRender.php.orig Wed May 11 11:40:18 2011
+++ lib/QueryRender.php Fri Feb 3 07:29:28 2012
@@ -497,7 +497,7 @@ class QueryRender extends PageRender {
$this->getAjaxRef($base),
$this->getAjaxRef($base),
($show == $this->getAjaxRef($base) ? '#F0F0F0' : '#E0E0E0'),
- $base);
+ htmlspecialchars($base));
}
echo '</tr>';
echo '</table>';
@@ -545,7 +545,7 @@ class QueryRender extends PageRender {
echo ' ]</small>';
echo '<br />';
- printf('<small>%s: <b>%s</b></small>',_('Base DN'),$base);
+ printf('<small>%s: <b>%s</b></small>',_('Base DN'),htmlspecialchars($base));
echo '<br />';
printf('<small>%s: <b>%s</b></small>',_('Filter performed'),htmlspecialchars($this->template->resultsdata[$base]['filter']));
Reference in New Issue View Git Blame Copy Permalink