authorFelix Dörre <felix@dogcraft.de>2014-07-27 12:49:28 +0200
committerBenny Baumann <BenBE@geshi.org>2014-07-27 12:49:28 +0200
commit89901a378a849ee17780c52fa73ee5b14049425c (patch)
treeb6b125a0b424f8bd1ffc97c43a21af2895515728
parentfa3a17789986431c15dac26c43a8100ee7e8d0d4 (diff)
downloadcacert-devel-89901a378a849ee17780c52fa73ee5b14049425c.tar.gz
cacert-devel-89901a378a849ee17780c52fa73ee5b14049425c.tar.xz
cacert-devel-89901a378a849ee17780c52fa73ee5b14049425c.zip
bug 1291: Fix XSS in WoT 15
-rw-r--r--includes/notary.inc.php2
1 files changed, 1 insertions, 1 deletions
diff --git a/includes/notary.inc.php b/includes/notary.inc.php
index f15e09e..3b8e736 100644
--- a/includes/notary.inc.php
+++ b/includes/notary.inc.php
@@ -502,7 +502,7 @@ define('THAWTE_REVOCATION_DATETIME', '2010-11-16 00:00:00');
?>
<td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$name?><?=$emclose?></td>
<td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$revoked ? sprintf("<strong style='color: red'>%s</strong>",_("Revoked")) : $awarded?><?=$emclose?></td>
- <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$location?><?=$emclose?></td>
+ <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=sanitizeHTML($location)?><?=$emclose?></td>
<td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$method?><?=$emclose?></td>
<td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$experience?$experience:'&nbsp;'?><?=$emclose?></td>
<?
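Review bot: Only `$location` is escaped at output in this row; `$name` in the first cell and `$method` and `$experience` in the last two are still echoed raw, and the hunk does not show whether the caller escapes them before they reach this template. If any of them can carry user-supplied text (a displayed name looks like the most probable case), the same stored-XSS path remains open one cell over. After checking the callers for existing encoding, so nothing gets double-escaped, I would escape at the sink as well, e.g. `<?=sanitizeHTML($name)?>` and `<?=$experience ? sanitizeHTML($experience) : '&nbsp;'?>`. `sanitizeHTML()` is defined outside this hunk, so it is worth confirming that it entity-encodes `<`, `>`, `&` and both quote characters rather than only stripping tags. The enclosing function starts and ends outside the hunk; a short comment on it stating which parameters must arrive as trusted markup (`$emopen`, `$emclose`, `$tdstyle`) and which are escaped here would keep later call sites from reintroducing the bug.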