Skip to content
Permalink
Browse files Browse the repository at this point in the history
Merge pull request #2356 from Orange-OpenSource/fix/orange-opensource…
…/security/fix-reflected-xss

fix(security) fix Reflected XSS vulnerability

Reviewed-by: shaheem.azmal@siemens.com
Tested-by: shaheem.azmal@siemens.com
  • Loading branch information
shaheemazmalmmd committed Jan 2, 2023
2 parents ace6914 + d10d972 commit 8e0eba0
Show file tree
Hide file tree
Showing 2 changed files with 3 additions and 3 deletions.
2 changes: 1 addition & 1 deletion src/lib/php/common-db.php
Expand Up @@ -195,7 +195,7 @@ function DBCheckResult($result, $sql, $filenm, $lineno)
} else {
echo "FATAL: DB connection lost.";
}
echo "<br> $sql";
echo "<br> ".htmlspecialchars($sql);
debugbacktrace();
echo "<hr>";
exit(1);
Expand Down
4 changes: 2 additions & 2 deletions src/www/ui/admin-config.php
Expand Up @@ -182,11 +182,11 @@ function Output()
*/
if (! strcmp($validation_function, 'check_boolean')) {
$warning_msg = _(
"Error: You set $ui_label to $VarValue. Valid values are 'true' and 'false'.");
"Error: You set $ui_label to ".htmlspecialchars($VarValue).". Valid values are 'true' and 'false'.");
echo "<script>alert('$warning_msg');</script>";
} else if (strpos($validation_function, "url")) {
$warning_msg = _(
"Error: $ui_label $VarValue, is not a reachable URL.");
"Error: $ui_label ".htmlspecialchars($VarValue).", is not a reachable URL.");
echo "<script>alert('$warning_msg');</script>";
}

Expand Down

0 comments on commit 8e0eba0

Please sign in to comment.