Fixed XSS

root 17 years ago
parent a5744c30f7
commit 10e9d80f48

@ -18,14 +18,14 @@
$row = mysql_fetch_assoc(mysql_query($query)); $row = mysql_fetch_assoc(mysql_query($query));
?> ?>
<form method="post" action="account.php"> <form method="post" action="account.php">
<input type="hidden" name="orgid" value="<?=$_REQUEST['orgid']?>"> <input type="hidden" name="orgid" value="<?=intval($_REQUEST['orgid'])?>">
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr> <tr>
<td colspan="2" class="title"><? printf(_("New Admin for %s"), $row[O]); ?></td> <td colspan="2" class="title"><? printf(_("New Admin for %s"), $row[O]); ?></td>
</tr> </tr>
<tr> <tr>
<td class="DataTD"><?=_("Email")?>:</td> <td class="DataTD"><?=_("Email")?>:</td>
<td class="DataTD"><input type="text" name="email" value="<?=$_SESSION['_config']['email']?>"></td> <td class="DataTD"><input type="text" name="email" value="<?=sanitizeHTML($_SESSION['_config']['email'])?>"></td>
</tr> </tr>
<tr> <tr>
<td class="DataTD"><?=_("Department")?>:</td> <td class="DataTD"><?=_("Department")?>:</td>
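Review bot: The organisation name on the title line, `printf(_("New Admin for %s"), $row[O])`, is still written into the page without HTML encoding; the fix covers the request and session values but not this database value. If organisation names can hold user-supplied text, encode that cell too, e.g. `printf(_("New Admin for %s"), sanitizeHTML($row['O']));`, where quoting the key also avoids the bare-constant lookup. sanitizeHTML() is defined outside this page, and the email value sits inside a double-quoted attribute, so confirm it encodes both quote characters, as `htmlspecialchars($v, ENT_QUOTES, 'UTF-8')` does. The intval() call protects only the echoed hidden field; `$query` is built above the hunk, so check there that orgid is cast to an integer before it reaches the SQL string.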
