author | Benny Baumann <BenBE@geshi.org> | 2014-04-30 00:48:42 +0200 |
---|---|---|
committer | Benny Baumann <BenBE@geshi.org> | 2014-04-30 20:18:55 +0200 |
commit | 892f0e8fb646d9f6da4eebe16d3d267e37610da4 (patch) | |
tree | dbd19178f4eaac5f5e99b22e7d07875c73310aab /pages | |
parent | cfa34e712d77908a2f6403f04ad5e7f99a2835c5 (diff) | |
bug 1138: Add some missing escaping for values from the database
Diffstat (limited to 'pages')
-rw-r--r-- | pages/account/12.php | 16 |
1 files changed, 8 insertions, 8 deletions
diff --git a/pages/account/12.php b/pages/account/12.php
index 5ca8ce7..a59a5a1 100644
--- a/pages/account/12.php
+++ b/pages/account/12.php
@@ -19,7 +19,7 @@
 <form method="post" action="account.php">
 <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
 <tr>
- <td colspan="8" class="title"><?=_("Domain Certificates")?> - <a href="account.php?id=12&viewall=<?=!$viewall?>"><?=$viewall?_("Hide old certificates"):_("View all certificates")?></a></td>
+ <td colspan="8" class="title"><?=_("Domain Certificates")?> - <a href="account.php?id=12&viewall=<?=intval(!$viewall)?>"><?=$viewall?_("Hide old certificates"):_("View all certificates")?></a></td>
 </tr>
 <tr>
 <td class="DataTD"><?=_("Renew/Revoke/Delete")?></td>
@@ -70,24 +70,24 @@
 ?>
 <tr>
 <? if($verified != _("Pending") && $verified != _("Revoked")) { ?>
- <td class="DataTD"><input type="checkbox" name="revokeid[]" value="<?=$row['id']?>"/></td>
+ <td class="DataTD"><input type="checkbox" name="revokeid[]" value="<?=intval($row['id'])?>"/></td>
 <? } else if($verified != _("Revoked")) { ?>
- <td class="DataTD"><input type="checkbox" name="delid[]" value="<?=$row['id']?>"/></td>
+ <td class="DataTD"><input type="checkbox" name="delid[]" value="<?=intval($row['id'])?>"/></td>
 <? } else { ?>
 <td class="DataTD"> </td>
 <? } ?>
 <td class="DataTD"><?=$verified?></td>
- <td class="DataTD"><a href="account.php?id=15&cert=<?=$row['id']?>"><?=$row['CN']?></a></td>
+ <td class="DataTD"><a href="account.php?id=15&cert=<?=intval($row['id'])?>"><?=htmlspecialchars($row['CN'])?></a></td>
 <td class="DataTD"><?=$row['serial']?></td>
 <td class="DataTD"><?=$row['revoke']?></td>
 <td class="DataTD"><?=$row['expire']?></td>
- <td class="DataTD"><input name="comment_<?=$row['id']?>" type="text" value="<?=htmlspecialchars($row['description'])?>" /></td>
- <td class="DataTD"><input type="checkbox" name="check_comment_<?=$row['id']?>" /></td>
+ <td class="DataTD"><input name="comment_<?=intval($row['id'])?>" type="text" value="<?=htmlspecialchars($row['description'])?>" /></td>
+ <td class="DataTD"><input type="checkbox" name="check_comment_<?=intval($row['id'])?>" /></td>
 </tr>
 <? } ?>
 <tr>
 <td class="DataTD" colspan="8">
- <a href="account.php?id=12&viewall=<?=!$viewall?>"><b><?=$viewall?_("Hide old certificates"):_("View all certificates")?></b></a>
+ <a href="account.php?id=12&viewall=<?=intval(!$viewall)?>"><b><?=$viewall?_("Hide old certificates"):_("View all certificates")?></b></a>
 </td>
 </tr>
 <tr>
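Review bot: Three database-sourced cells in the same table row are still emitted raw while the neighbouring CN cell is now escaped: `<?=$row['serial']?>`, `<?=$row['revoke']?>` and `<?=$row['expire']?>` remain as unchanged context lines. Even if those columns only ever hold hex serials and timestamps today, they come from the same result row as CN, and the commit's stated purpose is to escape database values, so the three context lines should become `<td class="DataTD"><?=htmlspecialchars($row['serial'])?></td>`, `<td class="DataTD"><?=htmlspecialchars($row['revoke'])?></td>` and `<td class="DataTD"><?=htmlspecialchars($row['expire'])?></td>`. `$verified` is also printed unescaped; it is compared against translated literals in this hunk and appears to be assigned outside it, so it is probably a fixed string, but that is worth confirming rather than assuming. The loop body this row belongs to begins before the hunk.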
@@ -105,6 +105,6 @@
 <td class="DataTD" colspan="8"><?=_("From here you can delete pending requests, or revoke valid certificates.")?></td>
 </tr>
 </table>
-<input type="hidden" name="oldid" value="<?=$id?>"/>
+<input type="hidden" name="oldid" value="<?=intval($id)?>"/>
 <input type="hidden" name="csrf" value="<?=make_csrf('srvcerchange')?>"/>
 </form> |