deon
/
phpldapadmin
1
0
Fork 0
Code Issues 36 Pull Requests Packages Projects Releases Wiki Activity

Fix multiple XSS in file htdocs/entry_chooser.php (CVE-2017-11107) 

Closes: #50

From: Ismail Belkacim <xd4rker@gmail.com>
This commit is contained in:
Antoine Beaupré 2018-10-31 14:03:34 -04:00
parent 733a10a1c5
commit 4484129a41
No known key found for this signature in database
GPG Key ID: 3EA1DDDDB261D97B
1 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
htdocs/entry_chooser.php
View File

@ -15,9 +15,9 @@ $www['page'] = new page();
$request = array();
$request['container'] = get_request('container','GET');
$request['form'] = get_request('form','GET');
$request['element'] = get_request('element','GET');
$request['rdn'] = get_request('rdn','GET');
$request['form'] = htmlspecialchars(addslashes(get_request('form','GET')));
$request['element'] = htmlspecialchars(addslashes(get_request('element','GET')));
$request['rdn'] = htmlspecialchars(addslashes(get_request('rdn','GET')));
echo '<div class="popup">';
printf('<h3 class="subtitle">%s</h3>',_('Entry Chooser'));
@ -33,7 +33,7 @@ echo '</script>';
echo '<table class="forminput" width="100%" border="0">';
if ($request['container']) {
printf('<tr><td class="heading" colspan="3">%s:</td><td>%s</td></tr>',_('Server'),$app['server']->getName());
printf('<tr><td class="heading" colspan="3">%s:</td><td>%s</td></tr>',_('Looking in'),$request['container']);
printf('<tr><td class="heading" colspan="3">%s:</td><td>%s</td></tr>',_('Looking in'),htmlspecialchars($request['container']));
echo '<tr><td class="blank" colspan="4">&nbsp;</td></tr>';
}