bug 1291: Fix XSS in WoT 15

author: Felix Dörre <felix@dogcraft.de> 2014-07-27 12:49:28 +0200
committer: Benny Baumann <BenBE@geshi.org> 2014-07-27 12:49:28 +0200
commit: 89901a378a849ee17780c52fa73ee5b14049425c (patch)
tree: b6b125a0b424f8bd1ffc97c43a21af2895515728
parent: fa3a17789986431c15dac26c43a8100ee7e8d0d4 (diff)
download: cacert-devel-89901a378a849ee17780c52fa73ee5b14049425c.tar.gz
cacert-devel-89901a378a849ee17780c52fa73ee5b14049425c.tar.xz
cacert-devel-89901a378a849ee17780c52fa73ee5b14049425c.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/includes/notary.inc.php b/includes/notary.inc.php
index f15e09e..3b8e736 100644
--- a/includes/notary.inc.php
+++ b/includes/notary.inc.php
@@ -502,7 +502,7 @@ define('THAWTE_REVOCATION_DATETIME', '2010-11-16 00:00:00');
 ?>
 		<td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$name?><?=$emclose?></td>
 		<td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$revoked ? sprintf("<strong style='color: red'>%s</strong>",_("Revoked")) : $awarded?><?=$emclose?></td>
-		<td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$location?><?=$emclose?></td>
+		<td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=sanitizeHTML($location)?><?=$emclose?></td>
 		<td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$method?><?=$emclose?></td>
 		<td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$experience?$experience:'&nbsp;'?><?=$emclose?></td>
 <?
author	Felix Dörre <felix@dogcraft.de>	2014-07-27 12:49:28 +0200
committer	Benny Baumann <BenBE@geshi.org>	2014-07-27 12:49:28 +0200
commit	89901a378a849ee17780c52fa73ee5b14049425c (patch)
tree	b6b125a0b424f8bd1ffc97c43a21af2895515728
parent	fa3a17789986431c15dac26c43a8100ee7e8d0d4 (diff)
download	cacert-devel-89901a378a849ee17780c52fa73ee5b14049425c.tar.gz cacert-devel-89901a378a849ee17780c52fa73ee5b14049425c.tar.xz cacert-devel-89901a378a849ee17780c52fa73ee5b14049425c.zip