summaryrefslogtreecommitdiff
path: root/pages/gpg
diff options
context:
space:
mode:
authorBenny Baumann <BenBE@geshi.org>2014-04-30 18:44:40 +0200
committerBenny Baumann <BenBE@geshi.org>2014-04-30 20:18:56 +0200
commit2801b166026e48e2133ac5e8ba68f3d699c4dbd2 (patch)
tree1adbb5204bd44bfe49ac88ba5d1d23920eeca83f /pages/gpg
parent5303f27029a70f45b46e292e9e8262f6111444c2 (diff)
downloadcacert-devel-2801b166026e48e2133ac5e8ba68f3d699c4dbd2.tar.gz
cacert-devel-2801b166026e48e2133ac5e8ba68f3d699c4dbd2.tar.xz
cacert-devel-2801b166026e48e2133ac5e8ba68f3d699c4dbd2.zip
bug 1138: Some escaping for the GnuPG code
Diffstat (limited to 'pages/gpg')
-rw-r--r--pages/gpg/2.php16
1 files changed, 8 insertions, 8 deletions
diff --git a/pages/gpg/2.php b/pages/gpg/2.php
index 54d2bb2..9b3d4f4 100644
--- a/pages/gpg/2.php
+++ b/pages/gpg/2.php
@@ -52,19 +52,19 @@
?>
<tr>
<? if($verified == _("Valid")) { ?>
- <td class="DataTD"><?=$verified?></td>
- <td class="DataTD"><a href="gpg.php?id=3&amp;cert=<?=$row['id']?>"><?=$row['email']?></a></td>
+ <td class="DataTD"><?=intval($verified)?></td>
+ <td class="DataTD"><a href="gpg.php?id=3&amp;cert=<?=intval($row['id'])?>"><?=sanitizeHTML($row['email'])?></a></td>
<? } else if($verified == _("Pending")) { ?>
<td class="DataTD"><?=$verified?></td>
- <td class="DataTD"><?=$row['email']?></td>
+ <td class="DataTD"><?=sanitizeHTML($row['email'])?></td>
<? } else { ?>
<td class="DataTD"><?=$verified?></td>
- <td class="DataTD"><a href="gpg.php?id=3&amp;cert=<?=$row['id']?>"><?=$row['email']?></a></td>
+ <td class="DataTD"><a href="gpg.php?id=3&amp;cert=<?=intval($row['id'])?>"><?=sanitizeHTML($row['email'])?></a></td>
<? } ?>
<td class="DataTD"><?=$row['expire']?></td>
- <td class="DataTD"><a href="gpg.php?id=3&amp;cert=<?=$row['id']?>"><?=$row['keyid']?></a></td>
- <td class="DataTD"><input name="comment_<?=$row['id']?>" type="text" value="<?=htmlspecialchars($row['description'])?>" /></td>
- <td class="DataTD"><input type="checkbox" name="check_comment_<?=$row['id']?>" /></td>
+ <td class="DataTD"><a href="gpg.php?id=3&amp;cert=<?=intval($row['id'])?>"><?=sanitizeHTML($row['keyid'])?></a></td>
+ <td class="DataTD"><input name="comment_<?=intval($row['id'])?>" type="text" value="<?=htmlspecialchars($row['description'])?>" /></td>
+ <td class="DataTD"><input type="checkbox" name="check_comment_<?=intval($row['id'])?>" /></td>
</tr>
<? } ?>
<? } ?>
@@ -77,5 +77,5 @@
<td class="DataTD" colspan="6"><input type="submit" name="change" value="<?=_("Change settings")?>" /> </td>
</tr>
</table>
-<input type="hidden" name="oldid" value="<?=$id?>" />
+<input type="hidden" name="oldid" value="<?=intval($id)?>" />
</form>