diff --git a/includes/account.php b/includes/account.php
index 0158851..3a7d40e 100644
--- a/includes/account.php
+++ b/includes/account.php
@@ -129,7 +129,7 @@
$query = "update `users` set `email`='".$row['email']."' where `id`='".$_SESSION['profile']['id']."'";
mysql_query($query);
showheader(_("My CAcert.org Account!"));
- printf(_("Your default email address has been updated to '%s'."), $row['email']);
+ printf(_("Your default email address has been updated to '%s'."), sanitizeHTML($row['email']));
showfooter();
exit;
}
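Review bot: The escaping added on the printf line covers the HTML context only; the update statement on the first line of the hunk still splices `$row['email']` and `$_SESSION['profile']['id']` into SQL by string concatenation, so a value containing a quote would break or alter the statement. `$row` is presumably fetched from the database by code above the hunk, which lowers the practical risk, but the file already uses `mysql_real_escape_string` and `intval` elsewhere in this diff and the same treatment belongs here: wrap the email in `mysql_real_escape_string($row['email'])` and the id in `intval($_SESSION['profile']['id'])`. The enclosing block starts before the hunk.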
@@ -1948,7 +1948,7 @@
{
mysql_query("insert into `orgdomains` set `orgid`='".intval($_SESSION['_config']['orgid'])."', `domain`='$domain'");
showheader(_("My CAcert.org Account!"));
- printf(_("'%s' has just been successfully added to the database."), $domain);
+ printf(_("'%s' has just been successfully added to the database."), sanitizeHTML($domain));
echo "
"._("Click here")." "._("to continue.");
showfooter();
exit;
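Review bot: The insert on the second line of the hunk interpolates `$domain` directly into the SQL string, while the commit only escapes it for HTML on the printf line; unless `$domain` went through `mysql_real_escape_string` earlier (outside this hunk, so I cannot confirm), the database query remains the more serious sink. The same pattern appears in the `like '$domain'` select at 1962 and the update at 1992, and the select at 2374 uses `$_REQUEST['userid']` raw although the preceding update wraps it in `intval`. Escaping is per sink, so the query side should read `'".mysql_real_escape_string($domain)."'` and `sanitizeHTML($domain)` stays only where the value is rendered. The enclosing if-block starts before the hunk.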
@@ -1962,7 +1962,7 @@
$res2 = mysql_query("select * from `domains` where `domain` like '$domain' and `deleted`=0");
if(mysql_num_rows($res1) > 0 || mysql_num_rows($res2) > 0)
{
- $_SESSION['_config']['errmsg'] = sprintf(_("The domain '%s' is already in the system and is listed as valid. Can't continue."), $domain);
+ $_SESSION['_config']['errmsg'] = sprintf(_("The domain '%s' is already in the system and is listed as valid. Can't continue."), sanitizeHTML($domain));
$id = $oldid;
$oldid=0;
}
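Review bot: The duplicate check on the first line of the hunk uses `like '$domain'` with no wildcard, so it behaves as equality except that `%` and `_` inside `$domain` act as wildcards and can match unrelated rows; for an exact duplicate check `where \`domain\`='$domain'` states the intent and avoids that edge. Separately, the error message built on the changed line is stored already HTML-escaped in `$_SESSION['_config']['errmsg']`, so whatever later prints it must emit it without escaping again or entities will double-encode; the same applies to the message stored at 2096. The enclosing block starts before the hunk and `$res1` is computed outside it.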
@@ -1992,7 +1992,7 @@
$row = mysql_fetch_assoc(mysql_query("select * from `orgdomains` where `id`='".intval($_SESSION['_config']['domid'])."'"));
mysql_query("update `orgdomains` set `domain`='$domain' where `id`='".intval($_SESSION['_config']['domid'])."'");
showheader(_("My CAcert.org Account!"));
- printf(_("'%s' has just been successfully updated in the database."), $domain);
+ printf(_("'%s' has just been successfully updated in the database."), sanitizeHTML($domain));
echo "
"._("Click here")." "._("to continue.");
showfooter();
exit;
@@ -2004,7 +2004,7 @@
$domain = $row['domain'];
mysql_query("delete from `orgdomains` where `id`='".intval($_SESSION['_config']['domid'])."'");
showheader(_("My CAcert.org Account!"));
- printf(_("'%s' has just been successfully deleted from the database."), $domain);
+ printf(_("'%s' has just been successfully deleted from the database."), sanitizeHTML($domain));
echo "
"._("Click here")." "._("to continue.");
showfooter();
exit;
@@ -2096,7 +2096,7 @@
{
$id = $oldid;
$oldid=0;
- $_SESSION['_config']['errmsg'] = sprintf(_("Wasn't able to match '%s' against any user in the system"), $_REQUEST['email']);
+ $_SESSION['_config']['errmsg'] = sprintf(_("Wasn't able to match '%s' against any user in the system"), sanitizeHTML($_REQUEST['email']));
} else {
$row = mysql_fetch_assoc($res);
mysql_query("insert into `org` set `memid`='".$row['id']."', `orgid`='".intval($_SESSION['_config']['orgid'])."',
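Review bot: On the last line of the hunk `memid` is spliced from `$row['id']` unescaped while `orgid` on the same line goes through `intval`; for consistency and to keep the statement safe against any unexpected value, write `\`memid\`='".intval($row['id'])."'`. `$row` comes from the `$res` query executed above the hunk, which I cannot see. The insert statement continues past the end of the hunk.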
@@ -2374,7 +2374,7 @@
} else {
mysql_query("update `users` set `password`=sha1('".mysql_real_escape_string(stripslashes($_REQUEST['newpass']))."') where `id`='".intval($_REQUEST['userid'])."'");
$row = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".$_REQUEST['userid']."'"));
- printf(_("The password for %s has been updated successfully in the system."), $row['email']);
+ printf(_("The password for %s has been updated successfully in the system."), sanitizeHTML($row['email']));
$body = sprintf(_("Hi %s,"),$row['fname'])."\n";