bug 1291: Fix XSS in WoT 15
authorFelix Dörre <felix@dogcraft.de>
Sun, 27 Jul 2014 10:49:28 +0000 (12:49 +0200)
committerBenny Baumann <BenBE@geshi.org>
Sun, 27 Jul 2014 10:49:28 +0000 (12:49 +0200)
includes/notary.inc.php

index f15e09e..3b8e736 100644 (file)
@@ -502,7 +502,7 @@ define('THAWTE_REVOCATION_DATETIME', '2010-11-16 00:00:00');
 ?>
                <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$name?><?=$emclose?></td>
                <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$revoked ? sprintf("<strong style='color: red'>%s</strong>",_("Revoked")) : $awarded?><?=$emclose?></td>
-               <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$location?><?=$emclose?></td>
+               <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=sanitizeHTML($location)?><?=$emclose?></td>
                <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$method?><?=$emclose?></td>
                <td class="DataTD" <?=$tdstyle?>><?=$emopen?><?=$experience?$experience:'&nbsp;'?><?=$emclose?></td>
 <?
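Review bot: The cells next to the fixed one still echo `$name`, `$method` and `$experience` unescaped, so the row is only safe if those values are already encoded or can never hold user-supplied text, and nothing in this hunk shows that. If any of them can come from assurance form input, as `$location` apparently did, each should get the same treatment at the output point, e.g. `<?=sanitizeHTML($name)?>` and `<?=$experience ? sanitizeHTML($experience) : '&nbsp;'?>`. If they are escaped where they are assigned, a short comment above the row such as `// $name, $method, $experience are HTML-escaped by the caller; $location is not` would record why only one cell is wrapped and guard against double-encoding later. The enclosing function starts and ends outside the hunk, so the origin of these variables and of `$tdstyle`, which is placed inside the tag itself, should be checked there.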