From 8f992c32a09ab6d098ad5e5c88c34a58e8ac4ac0 Mon Sep 17 00:00:00 2001
From: root <root@www.cacert.org>
Date: Sat, 27 Sep 2008 16:11:02 +0000
Subject: [PATCH] Fixed XSS, reported by alexander@klink.name

---
 www/analyse.php | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/www/analyse.php b/www/analyse.php
index 73fb23a..b263644 100644
--- a/www/analyse.php
+++ b/www/analyse.php
@@ -30,9 +30,7 @@
 <p><input type="submit" name="process" value="<?=_("Analyse")?>"></p>
 </form>
 <?	} else {
-		echo "<pre>";
-		print_r(openssl_x509_parse(openssl_x509_read($_POST['csr'])));
-		echo "</pre>";
+		echo "<pre>".htmlspecialchars(print_r(openssl_x509_parse(openssl_x509_read($_POST['csr'])),true))."</pre>";
 	}
 	showfooter();
 ?>