Fix #15416: XSS issue in adm_config_report.php

If a 'complex' config option contains javascript code, it would be
executed when displaying the page.
dregad committed Jan 23, 2013
1 parent c61dc63 commit 5858a659efe12743b4360da11e9320c7f6ac6e82
Showing with 1 addition and 1 deletion.
  1. +1 −1 adm_config_report.php
@@ -87,7 +87,7 @@ function print_config_value_as_string( $p_type, $p_value, $p_for_display = true
}
if( $p_for_display ) {
- echo "<pre>$t_output</pre>";
+ echo '<pre>' . string_attribute( $t_output ) . '</pre>';
} else {
echo $t_output;
}
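Review bot: the `else` branch directly below the changed line still does `echo $t_output;` with no escaping, so any caller passing `$p_for_display = false` receives the raw config value. Either escape in that branch as well, or document on the function that the caller is responsible for encoding the output in that mode. On the changed line itself, `string_attribute()` is named for attribute values, while the output here is element content inside `<pre>`; if the code base has an escaping helper intended for HTML body text, using it would make the intent clearer. A short comment noting that `$t_output` can carry user-controlled config data would also help future readers.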
