openbsd-ports/www/phpldapadmin/patches/patch-delete_form_php
aanriot ba90ce353a Security fixes against multiple cross-site scripting (XSS)
vulnerabilities in phpldapadmin.

CVE-2006-2016;
from Debian GNU/Linux;
ok mbalmer@, "no objection" sturm@
2006-05-21 19:15:08 +00:00

$OpenBSD: patch-delete_form_php,v 1.1 2006/05/21 19:15:08 aanriot Exp $
--- delete_form.php.orig Sun May 21 13:29:00 2006
+++ delete_form.php Sun May 21 13:30:34 2006
@@ -69,7 +69,7 @@ include './header.php'; ?>
<td>
<center>
<form action="rdelete.php" method="post">
- <input type="hidden" name="dn" value="<?php echo $dn; ?>" />
+ <input type="hidden" name="dn" value="<?php echo htmlspecialchars($dn); ?>" />
<input type="hidden" name="server_id" value="<?php echo $ldapserver->server_id; ?>" />
<input type="submit" class="scary" value="<?php echo sprintf( $lang['delete_all_x_objects'], $sub_tree_count ); ?>" />
</form>
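
Review bot: The hidden server_id input on the context line directly after the changed dn line still echoes $ldapserver->server_id unescaped, and the submit button's sprintf() output is likewise echoed raw into a value attribute; if either value can be influenced by the request, give them the same treatment as dn (htmlspecialchars(), or an (int) cast for server_id). On the changed line itself, htmlspecialchars($dn) relies on the default flags, which in PHP versions of this period (ENT_COMPAT) leave single quotes unescaped; that is sufficient here because the attribute is double-quoted, but passing ENT_QUOTES explicitly would keep the output safe if the quoting style of the template ever changes.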