-rw-r--r-- | includes/account.php | 8 | ||||
-rw-r--r-- | pages/account/16.php | 2 | ||||
-rw-r--r-- | pages/account/21.php | 4 |
3 files changed, 7 insertions, 7 deletions
diff --git a/includes/account.php b/includes/account.php
index 9f5946f..bf503ec 100644
--- a/includes/account.php
+++ b/includes/account.php
@@ -1436,7 +1436,7 @@ function buildSubjectFromSession() {
 $_SESSION['_config']['emails'][] = $val;
 }
 $_SESSION['_config']['name'] = mysql_real_escape_string(stripslashes(trim($_REQUEST['name'])));
- $_SESSION['_config']['OU'] = mysql_real_escape_string(stripslashes(trim($_REQUEST['OU'])));
+ $_SESSION['_config']['OU'] = stripslashes(trim($_REQUEST['OU']));
 $_SESSION['_config']['description']= trim(stripslashes($_REQUEST['description']));
 }
@@ -1503,7 +1503,7 @@ function buildSubjectFromSession() {
 if($_SESSION['_config']['name'] != "")
 $emails .= "commonName = ".$_SESSION['_config']['name']."\n";
 if($_SESSION['_config']['OU'])
- $emails .= "organizationalUnitName = ".$_SESSION['_config']['OU']."\n";
+ $emails .= "organizationalUnitName = ".mysql_real_escape_string($_SESSION['_config']['OU'])."\n";
 if($org['O'])
 $emails .= "organizationName = ".$org['O']."\n";
 if($org['L'])
@@ -2436,7 +2436,7 @@ function buildSubjectFromSession() {
 else
 $masteracc = $_SESSION['_config'][masteracc] = 0;
 $_REQUEST['email'] = $_SESSION['_config']['email'] = mysql_real_escape_string(stripslashes(trim($_REQUEST['email'])));
- $OU = $_SESSION['_config']['OU'] = mysql_real_escape_string(stripslashes(trim($_REQUEST['OU'])));
+ $_SESSION['_config']['OU'] = stripslashes(trim($_REQUEST['OU']));
 $comments = $_SESSION['_config']['comments'] = mysql_real_escape_string(stripslashes(trim($_REQUEST['comments'])));
 $res = mysql_query("select * from `users` where `email`='".$_REQUEST['email']."' and `deleted`=0");
 if(mysql_num_rows($res) <= 0)
@@ -2458,7 +2458,7 @@ function buildSubjectFromSession() {
 set `memid`='".intval($row['id'])."',
 `orgid`='".intval($_SESSION['_config']['orgid'])."',
 `masteracc`='$masteracc',
- `OU`='$OU',
+ `OU`='".mysql_real_escape_string($_SESSION['_config']['OU'])."',
 `comments`='$comments'");
 }
 }
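Review bot: After the assignment at line 1439 (and the matching one at line 2439) `$_SESSION['_config']['OU']` holds the raw request value, so every reader of that key now has to encode for its own sink. This diff updates four readers, but any reader outside these hunks is not visible here, so a search for the key across the tree is worth doing before merge. I would mark the new contract at the assignment with `// raw user input: encode at each use (SQL, HTML, certificate subject)`. The adjacent `name`, `email` and `comments` values still use escape-on-input, so two conventions now coexist in the same blocks, which start and end outside the hunks.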
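Review bot: At line 1506 `mysql_real_escape_string()` is applied to a value concatenated into `$emails` as an `organizationalUnitName = …` line, which is not a SQL statement in the visible lines. SQL escaping keeps the old behaviour and does turn CR/LF into backslash sequences, but it also puts a backslash before quotes, so a department such as O'Neil would appear to reach this line as `O\'Neil`. What consumes `$emails` is outside the hunk; if the aim is to keep control characters out of that text, a filter written for that format would state the intent better than a database function. Until then I would add `// not SQL: kept only to neutralise CR/LF and quotes in the subject line`.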
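Review bot: The local `$OU` is no longer assigned at line 2439, and only the insert at line 2461 was switched to the session value. Lines 2443–2457 between the two hunks, and the code after line 2464, are not shown; any remaining `$OU` reference in that block would now interpolate an undefined variable as an empty string. If other uses exist, restoring the local in escaped form keeps them working: `$OU = mysql_real_escape_string($_SESSION['_config']['OU']);`.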
diff --git a/pages/account/16.php b/pages/account/16.php index 564463e..db8a8f5 100644 --- a/pages/account/16.php +++ b/pages/account/16.php @@ -42,7 +42,7 @@ </tr> <tr> <td class="DataTD"><?=_("Department")?>:</td> - <td class="DataTD"><input type="text" name="OU" value="<?=array_key_exists('OU',$_SESSION['_config'])?($_SESSION['_config']['OU']):''?>"/></td> + <td class="DataTD"><input type="text" name="OU" value="<?=array_key_exists('OU',$_SESSION['_config'])?(sanitizeHTML($_SESSION['_config']['OU'])):''?>"/></td> </tr> <tr> <td class="DataTD" colspan="2" align="left"> diff --git a/pages/account/21.php b/pages/account/21.php index 75827fb..c5832b9 100644 --- a/pages/account/21.php +++ b/pages/account/21.php @@ -41,7 +41,7 @@ if (is_array($_SESSION['_config']['altrows'])) { } echo _("Organisation"), ": {$org['O']}<br>\n"; -echo _("Org. Unit"), ": {$_SESSION['_config']['OU']}<br>\n"; +echo _("Org. Unit"), ": ", sanitizeHTML($_SESSION['_config']['OU']), "<br>\n"; echo _("Location"), ": {$org['L']}<br>\n"; echo _("State/Province"), ": {$org['ST']}<br>\n"; echo _("Country"), ": {$org['C']}<br>\n"; @@ -52,7 +52,7 @@ echo _("Country"), ": {$org['C']}<br>\n"; <input type="submit" name="process" value="<?=_("Submit")?>"> <input type="hidden" name="oldid" value="<?=$id?>"> </p> - + <? if ($_SESSION['profile']['admin'] == 1) { ?> |
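Review bot: In pages/account/16.php the encoded value is placed inside a double-quoted `value="…"` attribute, so the change is only complete if `sanitizeHTML()` encodes `"` as well as `<`, `>` and `&`. Its definition is not part of this diff, so that should be confirmed. If it wraps `htmlspecialchars()` with default flags, double quotes are covered, but single quotes are only covered by default from PHP 8.1. A short comment at the helper stating which contexts it is safe for (element text, double-quoted attribute) would prevent it being reused where it is not.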
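Review bot: In the first hunk of pages/account/21.php only the "Org. Unit" line is encoded. The neighbouring `echo` lines still interpolate `$org['O']`, `$org['L']`, `$org['ST']` and `$org['C']` into HTML unencoded. Where `$org` is loaded is outside the hunk; if those fields can hold operator-entered text, the same wrap applies, e.g. `echo _("Organisation"), ": ", sanitizeHTML($org['O']), "<br>\n";`. Encoding all five lines the same way also removes the need to reason about which field is trusted.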