authorBenny Baumann <BenBE@geshi.org>2014-06-15 19:29:29 +0200
committerBenny Baumann <BenBE@geshi.org>2014-06-15 19:29:29 +0200
commitc80cd13b61221d81c6bbabf121bda39988681396 (patch)
treeab7c6746fbd7c7bd75ff8764abf84a93773c33dd
parentba462bd60c71b779b43bd475247a906ddbf8fc35 (diff)
downloadcacert-devel-c80cd13b61221d81c6bbabf121bda39988681396.tar.gz
cacert-devel-c80cd13b61221d81c6bbabf121bda39988681396.tar.xz
cacert-devel-c80cd13b61221d81c6bbabf121bda39988681396.zip
bug 657: Properly escape existing values
-rw-r--r--includes/notary.inc.php10
1 files changed, 5 insertions, 5 deletions
diff --git a/includes/notary.inc.php b/includes/notary.inc.php
index bafd60c..e6a6565 100644
--- a/includes/notary.inc.php
+++ b/includes/notary.inc.php
@@ -1185,8 +1185,8 @@
?>
<tr>
<td class="DataTD"><?=$label?>:</td>
- <td class="DataTD"><input type="text" name="<?=$name?>" value="<?=$value?>" maxlength="<?=$length?>" size="90"></td>
- <td class="DataTD"><? printf(_('max %s characters'),$length)?></td>
+ <td class="DataTD"><input type="text" name="<?=$name?>" value="<?=SanitizeHTML($value)?>" maxlength="<?=intval($length)?>" size="90"></td>
+ <td class="DataTD"><? printf(_('max %d characters'),$length)?></td>
</tr>
<?
}
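Review bot: `$name` and `$label` on the new lines are still interpolated raw into the `name` attribute and the label cell while `$value` now goes through SanitizeHTML; if either can ever come from request data or the database, they are the same injection point the commit closes for `$value`. With the helper already in use, `name="<?=SanitizeHTML($name)?>"` and `<?=SanitizeHTML($label)?>` cost nothing and remove the need to audit every caller. This assumes SanitizeHTML escapes `"` as well as `<` and `&`, which it must already for the double-quoted `value` attribute to be safe. The enclosing function's signature and any validation of `$length` lie outside the hunk, so nothing here shows whether `$length` is always numeric before the intval().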
@@ -1204,10 +1204,10 @@
?>
<tr>
<td class="DataTD"><?=$label?>:</td>
- <td class="DataTD"><input type="text" name="<?=$name?>" value="<?=$value?>" maxlength="<?=$length?>" size="<?=$length?>">
+ <td class="DataTD"><input type="text" name="<?=$name?>" value="<?=SanitizeHTML($value)?>" maxlength="<?=intval($length)?>" size="<?=intval($length)?>">
<? printf(_('(2 letter %s ISO code %s )'), '<a href="http://www.iso.org/iso/home/standards/country_codes/iso-3166-1_decoding_table.htm">', '</a>')?>
</td>
- <td class="DataTD"><?=sprintf(_('max %s characters'),$length)?></td>
+ <td class="DataTD"><?=sprintf(_('max %d characters'),$length)?></td>
</tr>
<?
}
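Review bot: As in the first field helper, `$name` and `$label` on the new lines remain unescaped while `$value` is now sanitized, so the fix is incomplete if those two are ever non-literal; `name="<?=SanitizeHTML($name)?>"` and `<?=SanitizeHTML($label)?>` keep the three helpers consistent. The `maxlength` and `size` attributes are client-side hints only; whether the posted value is bounded and checked against the ISO-3166 format server-side is outside this hunk and should be confirmed rather than assumed from the `maxlength`. The enclosing function starts before the hunk.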
@@ -1224,7 +1224,7 @@
?>
<tr>
<td class="DataTD"><?=$label?>:</td>
- <td class="DataTD"><textarea name="<?=$name?>" cols=60 rows=10><?=$value?></textarea></td>
+ <td class="DataTD"><textarea name="<?=$name?>" cols=60 rows=10><?=SanitizeHTML($value)?></textarea></td>
<td class="DataTD">&nbsp</td>
</tr>
<?
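Review bot: The textarea helper escapes `$value` but, like the two input helpers, still emits `$name` raw into the `name` attribute and `$label` raw into the cell; `name="<?=SanitizeHTML($name)?>"` and `<?=SanitizeHTML($label)?>` would close that gap consistently. Escaping the textarea body is the right fix here since an unescaped `</textarea>` in `$value` would otherwise end the element, assuming SanitizeHTML encodes `<`. Unlike the other two helpers this one carries no length limit, and whether the server bounds the submitted text cannot be seen from the hunk. Minor: the context line `&nbsp` is missing its semicolon and should read `<td class="DataTD">&nbsp;</td>`.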