authorBenny Baumann <BenBE@geshi.org>2014-03-11 22:51:07 +0100
committerBenny Baumann <BenBE@geshi.org>2014-03-11 22:51:07 +0100
commit8ac27d6ed5751435d920f9ae99020752007d441d (patch)
treed3e8cf7929f149f914ec6fbbc10158df89a14a32
parentaad62613f78bc092ddccb839f0155dc98417c481 (diff)
bug 448: Properly escape data that comes from the databasebug-448
-rw-r--r--includes/account.php8
1 files changed, 4 insertions, 4 deletions
diff --git a/includes/account.php b/includes/account.php
index ca64ffd..497bf58 100644
--- a/includes/account.php
+++ b/includes/account.php
@@ -972,7 +972,7 @@ function buildSubjectFromSession() {
continue;
}
mysql_query("update `domaincerts` set `revoked`='1970-01-01 10:00:01' where `id`='$id'");
- printf(_("Certificate for '%s' with the serial no '%s' has been revoked.").'<br/>', $row['CN'], $row['serial']);
+ printf(_("Certificate for '%s' with the serial no '%s' has been revoked.").'<br/>', htmlspecialchars($row['CN']), htmlspecialchars($row['serial']));
}
// TRANSLATORS: Please don't translate "Certificate Revocation List (CRL)", it's a technical term
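Review bot: The added `htmlspecialchars()` calls rely on the default flags and charset, which differ between PHP versions (before 8.1 the default leaves single quotes unescaped, and before 5.4 the default charset is ISO-8859-1), so the escaping depends on the runtime rather than on the code. Passing both explicitly, e.g. `htmlspecialchars($row['CN'], ENT_QUOTES, 'UTF-8')` with whatever charset the page is actually served in (not visible here), would pin the behaviour; the same applies to the identical lines in the hunks at 1132, 1762 and 2121. Because the same `printf` is repeated four times, a small helper that formats the revocation message would keep the escaping in one place. Separately, the context line above interpolates `$id` into the UPDATE and the success message is printed without checking the result of `mysql_query`; whether `$id` is sanitised earlier cannot be told from here, since the enclosing loop starts outside the hunk.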
@@ -1132,7 +1132,7 @@ function buildSubjectFromSession() {
continue;
}
mysql_query("update `emailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='$id'");
- printf(_("Certificate for '%s' with the serial no '%s' has been revoked.").'<br/>', $row['CN'], $row['serial']);
+ printf(_("Certificate for '%s' with the serial no '%s' has been revoked.").'<br/>', htmlspecialchars($row['CN']), htmlspecialchars($row['serial']));
}
// TRANSLATORS: Please don't translate "Certificate Revocation List (CRL)", it's a technical term
@@ -1762,7 +1762,7 @@ function buildSubjectFromSession() {
continue;
}
mysql_query("update `orgemailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='$id'");
- printf(_("Certificate for '%s' with the serial no '%s' has been revoked.").'<br/>', $row['CN'], $row['serial']);
+ printf(_("Certificate for '%s' with the serial no '%s' has been revoked.").'<br/>', htmlspecialchars($row['CN']), htmlspecialchars($row['serial']));
}
// TRANSLATORS: Please don't translate "Certificate Revocation List (CRL)", it's a technical term
@@ -2121,7 +2121,7 @@ function buildSubjectFromSession() {
continue;
}
mysql_query("update `orgdomaincerts` set `revoked`='1970-01-01 10:00:01' where `id`='$id'");
- printf(_("Certificate for '%s' with the serial no '%s' has been revoked.").'<br/>', $row['CN'], $row['serial']);
+ printf(_("Certificate for '%s' with the serial no '%s' has been revoked.").'<br/>', htmlspecialchars($row['CN']), htmlspecialchars($row['serial']));
}
// TRANSLATORS: Please don't translate "Certificate Revocation List (CRL)", it's a technical term