authorMichael Tänzer <neo@nhng.de>2014-04-11 17:42:01 +0200
committerMichael Tänzer <neo@nhng.de>2014-04-11 17:42:01 +0200
commitbf0cbaf8c06acac73cd525d692b61ed1ac4cac47 (patch)
treea7296fd06c32063cfbdde2013a28ffd10b5310e1 /pages/account/44.php
parent6b98864419055ef5b3b2a899384f4a14eadf1960 (diff)
bug 1138: Sanitize ticket number against XSS
Signed-off-by: Michael Tänzer <neo@nhng.de>
Diffstat (limited to 'pages/account/44.php')
-rw-r--r--pages/account/44.php2
1 files changed, 1 insertions, 1 deletions
diff --git a/pages/account/44.php b/pages/account/44.php
index dd0f376..a26ab0f 100644
--- a/pages/account/44.php
+++ b/pages/account/44.php
@@ -45,5 +45,5 @@ if (!valid_ticket_number($ticketno)) {
</table>
<input type="hidden" name="userid" value="<?=intval($_REQUEST['userid'])?>">
<input type="hidden" name="oldid" value="<?=$id?>">
-<input type="hidden" name="ticketno" value="<?=$ticketno?>"/>
+<input type="hidden" name="ticketno" value="<?=sanitizeHTML($ticketno)?>"/>
</form>
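Review bot: The `oldid` hidden field directly above the changed line still echoes `$id` unescaped (`value="<?=$id?>"`), so if `$id` can carry request-derived data the same attribute-injection problem remains in this form. Where `$id` is assigned is outside the hunk; if it is a numeric identifier like `userid`, `<?=intval($id)?>` would match the line above it, otherwise `<?=sanitizeHTML($id)?>`. It is also worth confirming that `sanitizeHTML()`, which is defined outside this hunk, escapes double quotes, since the ticket number lands inside a double-quoted attribute value.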