Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Browse files

Fix #15416: XSS issue in adm_config_report.php

If a 'complex' config option contains javascript code, it would be
executed when displaying the page.
  • Loading branch information...
commit 5858a659efe12743b4360da11e9320c7f6ac6e82 1 parent c61dc63
@dregad dregad authored
Showing with 1 addition and 1 deletion.
  1. +1 −1  adm_config_report.php
View
2  adm_config_report.php
@@ -87,7 +87,7 @@ function print_config_value_as_string( $p_type, $p_value, $p_for_display = true
}
if( $p_for_display ) {
- echo "<pre>$t_output</pre>";
+ echo '<pre>' . string_attribute( $t_output ) . '</pre>';
} else {
echo $t_output;
}
Please sign in to comment.
Something went wrong with that request. Please try again.