Added XSS prevention
parent
3ee1bb2e4f
commit
ee75a14ac4
1 changed files with 4 additions and 4 deletions
|
@ -238,7 +238,7 @@
|
||||||
if(mysql_num_rows($res) > 0)
|
if(mysql_num_rows($res) > 0)
|
||||||
{
|
{
|
||||||
showheader(_("Email Dispute"));
|
showheader(_("Email Dispute"));
|
||||||
printf(_("The email address '%s' already exists in the dispute system. Can't continue."), $email);
|
printf(_("The email address '%s' already exists in the dispute system. Can't continue."), sanitizeHTML($email));
|
||||||
showfooter();
|
showfooter();
|
||||||
exit;
|
exit;
|
||||||
}
|
}
|
||||||
|
@ -249,7 +249,7 @@
|
||||||
if(mysql_num_rows($res) <= 0)
|
if(mysql_num_rows($res) <= 0)
|
||||||
{
|
{
|
||||||
showheader(_("Email Dispute"));
|
showheader(_("Email Dispute"));
|
||||||
printf(_("The email address '%s' doesn't exist in the system. Can't continue."), $email);
|
printf(_("The email address '%s' doesn't exist in the system. Can't continue."), sanitizeHTML($email));
|
||||||
showfooter();
|
showfooter();
|
||||||
exit;
|
exit;
|
||||||
}
|
}
|
||||||
|
@ -282,14 +282,14 @@
|
||||||
`IP`='".$_SERVER['REMOTE_ADDR']."'";
|
`IP`='".$_SERVER['REMOTE_ADDR']."'";
|
||||||
mysql_query($query);
|
mysql_query($query);
|
||||||
|
|
||||||
$body = sprintf(_("You have been sent this email as the email address '%s' is being disputed. You have the option to accept or reject this request, after 2 days the request will automatically be discarded. Click the following link to accept or reject the dispute:"), $email)."\n\n";
|
$body = sprintf(_("You have been sent this email as the email address '%s' is being disputed. You have the option to accept or reject this request, after 2 days the request will automatically be discarded. Click the following link to accept or reject the dispute:"), sanitizeHTML($email))."\n\n";
|
||||||
$body .= "https://".$_SESSION['_config']['normalhostname']."/disputes.php?type=email&emailid=$emailid&hash=$hash\n\n";
|
$body .= "https://".$_SESSION['_config']['normalhostname']."/disputes.php?type=email&emailid=$emailid&hash=$hash\n\n";
|
||||||
$body .= _("Best regards")."\n"._("CAcert.org Support!");
|
$body .= _("Best regards")."\n"._("CAcert.org Support!");
|
||||||
|
|
||||||
sendmail($email, "[CAcert.org] "._("Dispute Probe"), $body, "support@cacert.org", "", "", "CAcert Support");
|
sendmail($email, "[CAcert.org] "._("Dispute Probe"), $body, "support@cacert.org", "", "", "CAcert Support");
|
||||||
|
|
||||||
showheader(_("Email Dispute"));
|
showheader(_("Email Dispute"));
|
||||||
printf(_("The email address '%s' has been entered into the dispute system, the email address will now be sent an email which will give the recipent the option of accepting or rejecting the request, if after 2 days we haven't received a valid response for or against we will discard the request."), $email);
|
printf(_("The email address '%s' has been entered into the dispute system, the email address will now be sent an email which will give the recipent the option of accepting or rejecting the request, if after 2 days we haven't received a valid response for or against we will discard the request."), sanitizeHTML($email));
|
||||||
showfooter();
|
showfooter();
|
||||||
exit;
|
exit;
|
||||||
}
|
}
|
||||||
|
|
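Review bot: In the third hunk (`@ -282,14 +282,14 @`), `sanitizeHTML($email)` is applied inside the `sprintf` that builds `$body`, but `$body` is handed to `sendmail()` rather than written into the page, so HTML escaping is the wrong encoding for that sink if the message goes out as plain text (the content type is not visible here). An address containing `&` or `'` would then appear in the mail as an entity; I would keep the raw value there, `..., $email)."\n\n";`, and reserve `sanitizeHTML()` for the three `printf` calls that emit HTML. What the mail path needs instead is validation of `$email` before it is used as the `sendmail()` recipient, for example rejecting CR/LF, and any such check sits outside these hunks. The enclosing blocks also begin outside the hunks, so how `$email` is escaped for the `$query` string that is built by concatenation just above `mysql_query($query);` cannot be confirmed from this page and is worth checking in the same pass.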