Added XSS prevention

root 16 years ago
parent 2c59d5a783
commit 4c0fe694ad

@ -67,7 +67,7 @@
if(mysql_num_rows($res) > 0)
{
showheader(_("My CAcert.org Account!"));
printf(_("The email address '%s' is already in the system. Can't continue."), $_REQUEST['email']);
printf(_("The email address '%s' is already in the system. Can't continue."), sanitizeHTML($_REQUEST['email']));
showfooter();
exit;
}
@ -433,7 +433,7 @@
$oldid=0;
$id = 7;
showheader(_("My CAcert.org Account!"));
printf(_("The domain '%s' is already in the system and is listed as valid. Can't continue."), $newdomain);
printf(_("The domain '%s' is already in the system and is listed as valid. Can't continue."), sanitizeHTML($newdomain));
showfooter();
exit;
}
@ -512,7 +512,7 @@
if(mysql_num_rows($res) > 0)
{
showheader(_("My CAcert.org Account!"));
printf(_("The domain '%s' is already in the system and is listed as valid. Can't continue."), $_SESSION['_config']['domain']);
printf(_("The domain '%s' is already in the system and is listed as valid. Can't continue."), sanitizeHTML($_SESSION['_config']['domain']));
showfooter();
exit;
}
@ -1892,7 +1892,7 @@
`C`='".$_SESSION['_config']['C']."',
`comments`='".$_SESSION['_config']['comments']."'");
showheader(_("My CAcert.org Account!"));
printf(_("'%s' has just been successfully added as an organisation to the database."), $_SESSION['_config']['O']);
printf(_("'%s' has just been successfully added as an organisation to the database."), sanitizeHTML($_SESSION['_config']['O']));
showfooter();
exit;
}
@ -1920,7 +1920,7 @@
`comments`='".$_SESSION['_config']['comments']."'
where `id`='".$_SESSION['_config']['orgid']."'");
showheader(_("My CAcert.org Account!"));
printf(_("'%s' has just been successfully updated in the database."), $_SESSION['_config']['O']);
printf(_("'%s' has just been successfully updated in the database."), sanitizeHTML($_SESSION['_config']['O']));
showfooter();
exit;
}
@ -1932,7 +1932,7 @@
$res1 = mysql_query("select * from `orgdomains` where `domain`='$domain'");
if(mysql_num_rows($res1) > 0)
{
$_SESSION['_config']['errmsg'] = sprintf(_("The domain '%s' is already in the system and is listed as valid. Can't continue."), $domain);
$_SESSION['_config']['errmsg'] = sprintf(_("The domain '%s' is already in the system and is listed as valid. Can't continue."), sanitizeHTML($domain));
$id = $oldid;
$oldid=0;
}
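Review bot: In the last hunk the new sanitizeHTML() call only covers the HTML output of errmsg, while `$domain` two lines above is still interpolated unescaped into the mysql_query string, so that branch is still open to SQL injection; the context lines of the two preceding hunks build their queries the same way from `$_SESSION['_config']['C']`, `comments` and `orgid`. Unless sanitizeHTML() also does SQL escaping (not visible here), the value should be escaped for the query separately, e.g. `$domain = mysql_real_escape_string($domain);` before the `$res1 = mysql_query(...)` line, and the same for the session values in the insert/update statements. It is also worth confirming that the code which later prints `$_SESSION['_config']['errmsg']` does not escape it a second time, otherwise apostrophes in the domain will render double-encoded. The enclosing functions and branches all start and end outside these hunks.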
