The LDAP bind password should not be interpreted as HTML.

thexerteproject · Sep 7, 2017 · f7fc917 · f7fc917
1 parent 65b850d
commit f7fc917
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/website_code/php/management/site.php b/website_code/php/management/site.php
@@ -182,7 +182,7 @@
 
     echo "<p>" . MANAGEMENT_SITE_LDAP_PORT . "<form><textarea id=\"ldap_port\">" . $row['ldap_port'] . "</textarea></form></p>";
 
-    echo "<p>" . MANAGEMENT_SITE_LDAP_PASSWORD . "<form><textarea id=\"bind_pwd\">" . $row['bind_pwd'] . "</textarea></form></p>";
+    echo "<p>" . MANAGEMENT_SITE_LDAP_PASSWORD . "<form><textarea id=\"bind_pwd\">" . htmlspecialchars($row['bind_pwd']) . "</textarea></form></p>";
 
     echo "<p>" . MANAGEMENT_SITE_LDAP_BASE . "<form><textarea id=\"base_dn\">" . $row['basedn'] . "</textarea></form></p>";