authorMichael Tänzer <neo@nhng.de>2014-04-11 17:42:01 +0200
committerMichael Tänzer <neo@nhng.de>2014-04-11 17:42:01 +0200
commitbf0cbaf8c06acac73cd525d692b61ed1ac4cac47 (patch)
treea7296fd06c32063cfbdde2013a28ffd10b5310e1 /includes
parent6b98864419055ef5b3b2a899384f4a14eadf1960 (diff)
bug 1138: Sanitize ticket number against XSS
Signed-off-by: Michael Tänzer <neo@nhng.de>
Diffstat (limited to 'includes')
-rw-r--r--includes/notary.inc.php2
1 files changed, 1 insertions, 1 deletions
diff --git a/includes/notary.inc.php b/includes/notary.inc.php
index 56d5755..aebc0b3 100644
--- a/includes/notary.inc.php
+++ b/includes/notary.inc.php
@@ -372,7 +372,7 @@ define('NULL_DATETIME', '0000-00-00 00:00:00');
<?
} else {
?>
- <td class="DataTD" <?=$tdstyle?>><?=$emopen?><a href="account.php?id=43&amp;userid=<?=intval($userid)?>&amp;assurance=<?=intval($assuranceid)?>&amp;csrf=<?=make_csrf('admdelassurance')?>&amp;ticketno=<?=$ticketno?>" onclick="return confirm('<?=sprintf(_("Are you sure you want to revoke the assurance with ID &quot;%s&quot;?"),$assuranceid)?>');"><?=_("Revoke")?></a><?=$emclose?></td>
+ <td class="DataTD" <?=$tdstyle?>><?=$emopen?><a href="account.php?id=43&amp;userid=<?=intval($userid)?>&amp;assurance=<?=intval($assuranceid)?>&amp;csrf=<?=make_csrf('admdelassurance')?>&amp;ticketno=<?=sanitizeHTML($ticketno)?>" onclick="return confirm('<?=sprintf(_("Are you sure you want to revoke the assurance with ID &quot;%s&quot;?"),$assuranceid)?>');"><?=_("Revoke")?></a><?=$emclose?></td>
<?
}
}
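Review bot: The `ticketno` value on the added line sits in a URL query string, so HTML-escaping alone is not the right encoding there: the browser decodes `&amp;` back to `&` before following the link, and a ticket number containing `&`, `#` or `%` could still alter or add parameters on the `account.php?id=43` revoke request. `sanitizeHTML()` is defined outside this hunk and is assumed here to do HTML entity escaping; if so, the value should be URL-encoded first and then escaped for the attribute, `ticketno=<?=sanitizeHTML(urlencode($ticketno))?>`. On the same line, `$assuranceid` is still printed without `intval()` inside the `onclick` `confirm('…')` string although the `href` casts it, so passing `intval($assuranceid)` to that `sprintf()` would close the remaining unescaped output. The enclosing function starts and ends outside the hunk, so where `$ticketno` and `$assuranceid` originate cannot be confirmed from here.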