author | Benny Baumann <BenBE@geshi.org> | 2014-03-11 22:51:07 +0100 |
---|---|---|
committer | Benny Baumann <BenBE@geshi.org> | 2014-03-11 22:51:07 +0100 |
commit | 8ac27d6ed5751435d920f9ae99020752007d441d (patch) | |
tree | d3e8cf7929f149f914ec6fbbc10158df89a14a32 /includes/account.php | |
parent | aad62613f78bc092ddccb839f0155dc98417c481 (diff) | |
bug 448: Properly escape data that comes from the database [bug-448]
Diffstat (limited to 'includes/account.php')
-rw-r--r-- | includes/account.php | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/includes/account.php b/includes/account.php
index ca64ffd..497bf58 100644
--- a/includes/account.php
+++ b/includes/account.php
@@ -972,7 +972,7 @@ function buildSubjectFromSession() {
 continue;
 }
 mysql_query("update `domaincerts` set `revoked`='1970-01-01 10:00:01' where `id`='$id'");
- printf(_("Certificate for '%s' with the serial no '%s' has been revoked.").'<br/>', $row['CN'], $row['serial']);
+ printf(_("Certificate for '%s' with the serial no '%s' has been revoked.").'<br/>', htmlspecialchars($row['CN']), htmlspecialchars($row['serial']));
 }
 // TRANSLATORS: Please don't translate "Certificate Revocation List (CRL)", it's a technical term
@@ -1132,7 +1132,7 @@ function buildSubjectFromSession() {
 continue;
 }
 mysql_query("update `emailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='$id'");
- printf(_("Certificate for '%s' with the serial no '%s' has been revoked.").'<br/>', $row['CN'], $row['serial']);
+ printf(_("Certificate for '%s' with the serial no '%s' has been revoked.").'<br/>', htmlspecialchars($row['CN']), htmlspecialchars($row['serial']));
 }
 // TRANSLATORS: Please don't translate "Certificate Revocation List (CRL)", it's a technical term
@@ -1762,7 +1762,7 @@ function buildSubjectFromSession() {
 continue;
 }
 mysql_query("update `orgemailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='$id'");
- printf(_("Certificate for '%s' with the serial no '%s' has been revoked.").'<br/>', $row['CN'], $row['serial']);
+ printf(_("Certificate for '%s' with the serial no '%s' has been revoked.").'<br/>', htmlspecialchars($row['CN']), htmlspecialchars($row['serial']));
 }
 // TRANSLATORS: Please don't translate "Certificate Revocation List (CRL)", it's a technical term
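Review bot: The new `htmlspecialchars()` calls in the hunk at line 972 rely on the runtime's default flags and charset, so on PHP versions before 8.1 single quotes stay unescaped and the encoding that is assumed varies with the PHP version. Passing both explicitly, e.g. `htmlspecialchars($row['CN'], ENT_QUOTES, 'UTF-8')`, makes the escaping independent of the deployment; the charset shown here is an assumption and should match the encoding the page is actually served in. The identical call is added in the hunks at lines 1132, 1762 and 2121, so a small shared escaping helper would keep the four sites from drifting apart. The enclosing code begins and ends outside each hunk.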
@@ -2121,7 +2121,7 @@ function buildSubjectFromSession() {
 continue;
 }
 mysql_query("update `orgdomaincerts` set `revoked`='1970-01-01 10:00:01' where `id`='$id'");
- printf(_("Certificate for '%s' with the serial no '%s' has been revoked.").'<br/>', $row['CN'], $row['serial']);
+ printf(_("Certificate for '%s' with the serial no '%s' has been revoked.").'<br/>', htmlspecialchars($row['CN']), htmlspecialchars($row['serial']));
 }
 // TRANSLATORS: Please don't translate "Certificate Revocation List (CRL)", it's a technical term |
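Review bot: The "has been revoked" message in the hunk at line 2121 is printed whether or not the preceding `mysql_query()` update succeeded, because its return value is discarded, so a failed revocation would still be reported to the user as done. Checking the result before printing, e.g. `if (!mysql_query($sql)) { /* report the failure */ continue; }`, would keep the displayed state in line with the database. The statement also interpolates `$id` directly into the SQL text; where `$id` is assigned lies outside the hunk, so it is worth confirming it is forced to an integer (`intval($id)`) before it gets here. Both points apply equally to the hunks at lines 972, 1132 and 1762.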