Skip to content

Commit 03f73d4

Browse files
committed
Fix XSS on server privileges
Signed-off-by: Michal Čihař <michal@cihar.com>
1 parent 7221357 commit 03f73d4

File tree

1 file changed

+3
-3
lines changed

1 file changed

+3
-3
lines changed

Diff for: libraries/server_privileges.lib.php

+3-3
Original file line numberDiff line numberDiff line change
@@ -806,7 +806,7 @@ function PMA_getHtmlForRequires($row)
806806
. 'REQUIRE CIPHER'
807807
. '</dfn></code></label>';
808808
$html_output .= '<input type="text" name="ssl_cipher" id="text_ssl_cipher" '
809-
. 'value="' . (isset($row['ssl_cipher']) ? $row['ssl_cipher'] : '') . '" '
809+
. 'value="' . (isset($row['ssl_cipher']) ? htmlspecialchars($row['ssl_cipher']) : '') . '" '
810810
. 'size=80" title="'
811811
. __(
812812
'Requires that a specific cipher method be used for a connection.'
@@ -826,7 +826,7 @@ function PMA_getHtmlForRequires($row)
826826
. 'REQUIRE ISSUER'
827827
. '</dfn></code></label>';
828828
$html_output .= '<input type="text" name="x509_issuer" id="text_x509_issuer" '
829-
. 'value="' . (isset($row['x509_issuer']) ? $row['x509_issuer'] : '') . '" '
829+
. 'value="' . (isset($row['x509_issuer']) ? htmlspecialchars($row['x509_issuer']) : '') . '" '
830830
. 'size=80" title="'
831831
. __(
832832
'Requires that a valid X509 certificate issued by this CA be presented.'
@@ -846,7 +846,7 @@ function PMA_getHtmlForRequires($row)
846846
. 'REQUIRE SUBJECT'
847847
. '</dfn></code></label>';
848848
$html_output .= '<input type="text" name="x509_subject" id="text_x509_subject" '
849-
. 'value="' . (isset($row['x509_subject']) ? $row['x509_subject'] : '')
849+
. 'value="' . (isset($row['x509_subject']) ? htmlspecialchars($row['x509_subject']) : '')
850850
. '" size=80" title="'
851851
. __(
852852
'Requires that a valid X509 certificate with this subject be presented.'

0 commit comments

Comments
 (0)