diff options
author | Benny Baumann <BenBE@geshi.org> | 2014-08-09 10:56:14 +0200 |
---|---|---|
committer | Benny Baumann <BenBE@geshi.org> | 2014-08-09 10:56:14 +0200 |
commit | 3641ed05c58e2f350bc33cef737a0c35755364eb (patch) | |
tree | 4eda8e492e7566d9f3618c87cd3dae35a07b9059 /www | |
parent | fa3a17789986431c15dac26c43a8100ee7e8d0d4 (diff) | |
parent | b2f8a5d29ed0d35b53e71efc11ff7db1ce4308ae (diff) | |
download | cacert-devel-3641ed05c58e2f350bc33cef737a0c35755364eb.tar.gz cacert-devel-3641ed05c58e2f350bc33cef737a0c35755364eb.tar.xz cacert-devel-3641ed05c58e2f350bc33cef737a0c35755364eb.zip |
Merge branch 'bug-1291' into release
Diffstat (limited to 'www')
-rw-r--r-- | www/wot.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/www/wot.php b/www/wot.php index 89b0aac..e6d180c 100644 --- a/www/wot.php +++ b/www/wot.php @@ -324,7 +324,7 @@ function send_reminder() $query = "select * from `users` where `id`='".intval($_SESSION['_config']['notarise']['id'])."'"; $res = mysql_query($query); $row = mysql_fetch_assoc($res); - $name = $row['fname']." ".$row['mname']." ".$row['lname']." ".$row['suffix']; + $name = sanitizeHTML($row['fname'])." ".sanitizeHTML($row['mname'])." ".sanitizeHTML($row['lname'])." ".sanitizeHTML($row['suffix']); if($_SESSION['_config']['wothash'] != md5($name."-".$row['dob']) || $_SESSION['_config']['wothash'] != $_REQUEST['pagehash']) { show_page("VerifyData","",_("Race condition discovered, user altered details during assurance procedure. PLEASE MAKE SURE THE NEW DETAILS BELOW MATCH THE ID DOCUMENTS.")); |