From 8ac27d6ed5751435d920f9ae99020752007d441d Mon Sep 17 00:00:00 2001
From: Benny Baumann
Date: Tue, 11 Mar 2014 22:51:07 +0100
Subject: bug 448: Properly escape data that comes from the database
---
 includes/account.php | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
(limited to 'includes/account.php')
diff --git a/includes/account.php b/includes/account.php
index ca64ffd..497bf58 100644
--- a/includes/account.php
+++ b/includes/account.php
@@ -972,7 +972,7 @@ function buildSubjectFromSession() {
 continue;
 }
 mysql_query("update `domaincerts` set `revoked`='1970-01-01 10:00:01' where `id`='$id'");
- printf(_("Certificate for '%s' with the serial no '%s' has been revoked.").'
', $row['CN'], $row['serial']);
+ printf(_("Certificate for '%s' with the serial no '%s' has been revoked.").'
', htmlspecialchars($row['CN']), htmlspecialchars($row['serial']));
 }
 // TRANSLATORS: Please don't translate "Certificate Revocation List (CRL)", it's a technical term
@@ -1132,7 +1132,7 @@ function buildSubjectFromSession() {
 continue;
 }
 mysql_query("update `emailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='$id'");
- printf(_("Certificate for '%s' with the serial no '%s' has been revoked.").'
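Review bot: The two new `htmlspecialchars()` calls in the `printf` rely on the function's default flags and charset, which differ between PHP versions (older releases default to `ENT_COMPAT` and a non-UTF-8 charset). Passing them explicitly, e.g. `htmlspecialchars($row['CN'], ENT_QUOTES, 'UTF-8')`, keeps the escaping independent of the runtime, assuming the page is served as UTF-8, which is not visible here. The same applies to the identical lines in the hunks at 1132, 1762 and 2121; because the statement is repeated four times, a small helper that escapes and prints the revocation message would keep the call sites from drifting apart. Separately, the context line above interpolates `$id` into the `UPDATE` and ignores the result of `mysql_query()`, so whether `$id` is validated as an integer, and whether the success message can be printed after a failed update, depends on code outside the hunk, which starts and ends mid-block.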
', $row['CN'], $row['serial']);
+ printf(_("Certificate for '%s' with the serial no '%s' has been revoked.").'
', htmlspecialchars($row['CN']), htmlspecialchars($row['serial']));
 }
 // TRANSLATORS: Please don't translate "Certificate Revocation List (CRL)", it's a technical term
@@ -1762,7 +1762,7 @@ function buildSubjectFromSession() {
 continue;
 }
 mysql_query("update `orgemailcerts` set `revoked`='1970-01-01 10:00:01' where `id`='$id'");
- printf(_("Certificate for '%s' with the serial no '%s' has been revoked.").'
', $row['CN'], $row['serial']);
+ printf(_("Certificate for '%s' with the serial no '%s' has been revoked.").'
', htmlspecialchars($row['CN']), htmlspecialchars($row['serial']));
 }
 // TRANSLATORS: Please don't translate "Certificate Revocation List (CRL)", it's a technical term
@@ -2121,7 +2121,7 @@ function buildSubjectFromSession() {
 continue;
 }
 mysql_query("update `orgdomaincerts` set `revoked`='1970-01-01 10:00:01' where `id`='$id'");
- printf(_("Certificate for '%s' with the serial no '%s' has been revoked.").'
', $row['CN'], $row['serial']);
+ printf(_("Certificate for '%s' with the serial no '%s' has been revoked.").'
', htmlspecialchars($row['CN']), htmlspecialchars($row['serial']));
 }
 // TRANSLATORS: Please don't translate "Certificate Revocation List (CRL)", it's a technical term
--
cgit v1.2.1