
Fix possible XSS attack due to user's real name not being escaped

1 parent ae541df commit 46e3d3ad195dcdc1af1795c96b6e0dc778fb6881 @jcameron jcameron committed Apr 24, 2011
Showing with 6 additions and 6 deletions.
  1. +6 −6 useradmin/user-lib.pl
@@ -2316,11 +2316,11 @@ sub users_table
push(@cols, "") if ($anyedit && $u->{'noedit'});
push(@cols, &user_link($u));
push(@cols, $u->{'uid'});
- push(@cols, $gidgrp{$u->{'gid'}}||$u->{'gid'});
- push(@cols, $u->{'real'});
- push(@cols, $u->{'home'});
- push(@cols, $u->{'shell'});
- push(@cols, $llogin{$u->{'user'}}) if ($lshow);
+ push(@cols, $gidgrp{$u->{'gid'}} || $u->{'gid'});
+ push(@cols, &html_escape($u->{'real'}));
+ push(@cols, &html_escape($u->{'home'}));
+ push(@cols, &html_escape($u->{'shell'}));
+ push(@cols, &html_escape($llogin{$u->{'user'}})) if ($lshow);
if ($u->{'noedit'}) {
print &ui_columns_row(\@cols, \@tds);
}
@@ -2387,7 +2387,7 @@ sub groups_table
push(@cols, &group_link($g));
push(@cols, $g->{'gid'});
if ($anydesc) {
- push(@cols, $g->{'desc'});
+ push(@cols, &html_escape($g->{'desc'}));
}
push(@cols, &html_escape($members));
if ($g->{'noedit'} || !$access{'gdelete'}) {
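Review bot: The group-name column on the first changed line of the users_table hunk, `push(@cols, $gidgrp{$u->{'gid'}} || $u->{'gid'});`, is still pushed unescaped while the real name, home, shell and last-login values on the lines right after it now go through html_escape, so a group name containing markup would reach the table exactly the way the real name did before this commit; `push(@cols, &html_escape($gidgrp{$u->{'gid'}} || $u->{'gid'}));` keeps the row consistent. The `$u->{'uid'}` push above it and `$g->{'gid'}` in the groups_table hunk follow the same pattern; they are presumably numeric, but since they come from the same parsed account data as the fields that are now escaped, escaping them too would cost nothing and would leave no column whose safety depends on an assumption about the data. Both users_table and groups_table start before their hunks and continue past them, so any other columns pushed outside the visible lines should be checked the same way.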
