ba90ce353a
vulnerabilities in phpldapadmin. CVE-2006-2016; from Debian GNU/Linux; ok mbalmer@, "no objection" sturm@
23 lines
1.2 KiB
Plaintext
23 lines
1.2 KiB
Plaintext
$OpenBSD: patch-copy_form_php,v 1.1 2006/05/21 19:15:08 aanriot Exp $
|
|
--- copy_form.php.orig Sun May 21 13:24:35 2006
|
|
+++ copy_form.php Sun May 21 13:26:14 2006
|
|
@@ -56,15 +56,15 @@ if( is_array( $children ) && count( $chi
|
|
|
|
<body>
|
|
|
|
-<h3 class="title"><?php echo $lang['copyf_title_copy'] . $rdn; ?></h3>
|
|
-<h3 class="subtitle"><?php echo $lang['server']; ?>: <b><?php echo $ldapserver->name; ?></b> <?php echo $lang['distinguished_name']?>: <b><?php echo $dn; ?></b></h3>
|
|
+<h3 class="title"><?php echo $lang['copyf_title_copy'] . htmlspecialchars($rdn); ?></h3>
|
|
+<h3 class="subtitle"><?php echo $lang['server']; ?>: <b><?php echo $server_name; ?></b> <?php echo $lang['distinguished_name']?>: <b><?php echo html specialchars($dn); ?></b></h3>
|
|
|
|
<center>
|
|
<?php echo $lang['copyf_title_copy'] ?><b><?php echo htmlspecialchars( $rdn ); ?></b> <?php echo $lang['copyf_to_new_object']?>:<br />
|
|
<br />
|
|
|
|
<form action="copy.php" method="post" name="copy_form">
|
|
-<input type="hidden" name="old_dn" value="<?php echo $dn; ?>" />
|
|
+<input type="hidden" name="old_dn" value="<?php echo htmlspecialchars($dn); ?>" />
|
|
<input type="hidden" name="server_id" value="<?php echo $ldapserver->server_id; ?>" />
|
|
|
|
<table style="border-spacing: 10px">
|