author | Benny Baumann <BenBE@geshi.org> | 2014-04-30 00:56:23 +0200 |
committer | Benny Baumann <BenBE@geshi.org> | 2014-04-30 20:18:55 +0200 |
commit | 322004387e8190ffaad72add23b98b9968497d58 (patch) | |
tree | 101d1faec52ab316055b2f6139c8d98d6bfea65f | |
parent | 892f0e8fb646d9f6da4eebe16d3d267e37610da4 (diff) | |
bug 1138: Add some more missing escaping for values from the database
-rw-r--r-- | pages/account/13.php | 22 |
1 files changed, 11 insertions, 11 deletions
diff --git a/pages/account/13.php b/pages/account/13.php
index 7e2adfc..080e277 100644
--- a/pages/account/13.php
+++ b/pages/account/13.php
@@ -52,22 +52,22 @@
 <? if($_SESSION['profile']['points'] == 0) { ?>
 <tr>
 <td class="DataTD" width="125"><?=_("First Name")?>: </td>
- <td class="DataTD" width="125"><input type="text" name="fname" value="<?=$user['fname']?>"></td>
+ <td class="DataTD" width="125"><input type="text" name="fname" value="<?=sanitizeHTML($user['fname'])?>"></td>
 </tr>
 <tr>
 <td class="DataTD" valign="top"><?=_("Middle Name(s)")?><br>
 (<?=_("optional")?>) </td>
- <td class="DataTD"><input type="text" name="mname" value="<?=$user['mname']?>"></td>
+ <td class="DataTD"><input type="text" name="mname" value="<?=sanitizeHTML($user['mname'])?>"></td>
 </tr>
 <tr>
 <td class="DataTD"><?=_("Last Name")?>: </td>
- <td class="DataTD"><input type="text" name="lname" value="<?=$user['lname']?>"></td>
+ <td class="DataTD"><input type="text" name="lname" value="<?=sanitizeHTML($user['lname'])?>"></td>
 </tr>
 <tr>
 <td class="DataTD"><?=_("Suffix")?><br>
 (<?=_("optional")?>)</td>
- <td class="DataTD"><input type="text" name="suffix" value="<?=$user['suffix']?>"></td>
+ <td class="DataTD"><input type="text" name="suffix" value="<?=sanitizeHTML($user['suffix'])?>"></td>
 </tr>
 <tr>
 <td class="DataTD"><?=_("Date of Birth")?><br>
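Review bot: The new `sanitizeHTML()` calls in this hunk sit inside double-quoted `value="…"` attributes (fname, mname, lname, suffix), so they are only sufficient if that helper also escapes the double quote; its definition is not in this diff, and if it is strip_tags-based or calls htmlspecialchars() with ENT_NOQUOTES, a stored name containing `"` still terminates the attribute. Worth confirming against the helper, and if it does not cover quotes, the attribute context needs `htmlspecialchars($user['fname'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` (or an attribute-specific helper) rather than a text-content escaper. The second hunk at line 100 applies the same helper to the same four fields as element text, where quote handling matters less but the helper's behaviour should still be documented at its definition. The enclosing `<form>` and the `if ($_SESSION['profile']['points'] == 0)` block both begin before this hunk and continue past its last line, so the fields after Date of Birth are not visible here.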
@@ -100,22 +100,22 @@
 <? } else { ?>
 <tr>
 <td class="DataTD" width="125"><?=_("First Name")?>: </td>
- <td class="DataTD" width="125"><?=$user['fname']?></td>
+ <td class="DataTD" width="125"><?=sanitizeHTML($user['fname'])?></td>
 </tr>
 <tr>
 <td class="DataTD" valign="top"><?=_("Middle Name(s)")?><br>
 (<?=_("optional")?>) </td>
- <td class="DataTD"><?=$user['mname']?></td>
+ <td class="DataTD"><?=sanitizeHTML($user['mname'])?></td>
 </tr>
 <tr>
 <td class="DataTD"><?=_("Last Name")?>: </td>
- <td class="DataTD"><?=$user['lname']?></td>
+ <td class="DataTD"><?=sanitizeHTML($user['lname'])?></td>
 </tr>
 <tr>
 <td class="DataTD"><?=_("Suffix")?><br>
 (<?=_("optional")?>)</td>
- <td class="DataTD"><?=$user['suffix']?></td>
+ <td class="DataTD"><?=sanitizeHTML($user['suffix'])?></td>
 </tr>
 <tr>
 <td class="DataTD"><?=_("Date of Birth")?><br>
@@ -124,10 +124,10 @@
 </tr>
 <? } ?>
 <tr>
- <td colspan="2" class="title"><a href="account.php?id=59&oldid=13&userid=<?=$_SESSION['profile']['id']?>"><?=_('Show account history')?></a></td>
+ <td colspan="2" class="title"><a href="account.php?id=59&oldid=13&userid=<?=intval($_SESSION['profile']['id'])?>"><?=_('Show account history')?></a></td>
 </tr>
 <tr>
- <td colspan="2" class="title"><a href="account.php?id=13&showdetails=<?=!$showdetails?>"><?=_("View secret question & answers and OTP phrases")?></a></td>
+ <td colspan="2" class="title"><a href="account.php?id=13&showdetails=<?=intval(!$showdetails)?>"><?=_("View secret question & answers and OTP phrases")?></a></td>
 </tr>
 <? if($showdetails){ ?>
 <tr>
@@ -170,5 +170,5 @@
 </tr>
 </table>
 <input type="hidden" name="csrf" value="<?=make_csrf('perschange')?>" />
-<input type="hidden" name="oldid" value="<?=$id?>">
+<input type="hidden" name="oldid" value="<?=intval($id)?>">
 </form>
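Review bot: `intval(!$showdetails)` in the hunk at line 124 changes what the toggle link emits: when `$showdetails` is truthy the old `<?=!$showdetails?>` printed an empty string (`showdetails=`), and the new code prints `0`. If the code that assigns `$showdetails` (outside this hunk) uses `isset()`/`!empty()` or an integer cast the two are equivalent, but if it compares against `''` the link would now keep details open; worth confirming where it is read. Separately, both rewritten `href` values still join query parameters with a bare `&` inside an HTML attribute, which is tolerated by browsers but not well-formed; the escaped form is `account.php?id=13&amp;showdetails=<?=intval(!$showdetails)?>` and `account.php?id=59&amp;oldid=13&amp;userid=<?=intval($_SESSION['profile']['id'])?>`.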