diff options
| author | Benny Baumann <BenBE@geshi.org> | 2014-04-30 18:44:40 +0200 |
|---|---|---|
| committer | Benny Baumann <BenBE@geshi.org> | 2014-04-30 20:18:56 +0200 |
| commit | 2801b166026e48e2133ac5e8ba68f3d699c4dbd2 (patch) | |
| tree | 1adbb5204bd44bfe49ac88ba5d1d23920eeca83f | |
| parent | 5303f27029a70f45b46e292e9e8262f6111444c2 (diff) | |
| download | cacert-devel-2801b166026e48e2133ac5e8ba68f3d699c4dbd2.tar.gz cacert-devel-2801b166026e48e2133ac5e8ba68f3d699c4dbd2.tar.xz cacert-devel-2801b166026e48e2133ac5e8ba68f3d699c4dbd2.zip | |
bug 1138: Some escaping for the GnuPG code
| -rw-r--r-- | pages/gpg/2.php | 16 |
1 files changed, 8 insertions, 8 deletions
diff --git a/pages/gpg/2.php b/pages/gpg/2.php index 54d2bb2..9b3d4f4 100644 --- a/pages/gpg/2.php +++ b/pages/gpg/2.php @@ -52,19 +52,19 @@ ?> <tr> <? if($verified == _("Valid")) { ?> - <td class="DataTD"><?=$verified?></td> - <td class="DataTD"><a href="gpg.php?id=3&cert=<?=$row['id']?>"><?=$row['email']?></a></td> + <td class="DataTD"><?=intval($verified)?></td> + <td class="DataTD"><a href="gpg.php?id=3&cert=<?=intval($row['id'])?>"><?=sanitizeHTML($row['email'])?></a></td> <? } else if($verified == _("Pending")) { ?> <td class="DataTD"><?=$verified?></td> - <td class="DataTD"><?=$row['email']?></td> + <td class="DataTD"><?=sanitizeHTML($row['email'])?></td> <? } else { ?> <td class="DataTD"><?=$verified?></td> - <td class="DataTD"><a href="gpg.php?id=3&cert=<?=$row['id']?>"><?=$row['email']?></a></td> + <td class="DataTD"><a href="gpg.php?id=3&cert=<?=intval($row['id'])?>"><?=sanitizeHTML($row['email'])?></a></td> <? } ?> <td class="DataTD"><?=$row['expire']?></td> - <td class="DataTD"><a href="gpg.php?id=3&cert=<?=$row['id']?>"><?=$row['keyid']?></a></td> - <td class="DataTD"><input name="comment_<?=$row['id']?>" type="text" value="<?=htmlspecialchars($row['description'])?>" /></td> - <td class="DataTD"><input type="checkbox" name="check_comment_<?=$row['id']?>" /></td> + <td class="DataTD"><a href="gpg.php?id=3&cert=<?=intval($row['id'])?>"><?=sanitizeHTML($row['keyid'])?></a></td> + <td class="DataTD"><input name="comment_<?=intval($row['id'])?>" type="text" value="<?=htmlspecialchars($row['description'])?>" /></td> + <td class="DataTD"><input type="checkbox" name="check_comment_<?=intval($row['id'])?>" /></td> </tr> <? } ?> <? } ?> @@ -77,5 +77,5 @@ <td class="DataTD" colspan="6"><input type="submit" name="change" value="<?=_("Change settings")?>" /> </td> </tr> </table> -<input type="hidden" name="oldid" value="<?=$id?>" /> +<input type="hidden" name="oldid" value="<?=intval($id)?>" /> </form> |