possible XSS during setup

2008-07-24 17:26:05 +00:00
parent 152a7342fd
commit 0bfb27fb05
2 changed files with 2 additions and 1 deletions
--- a/1
+++ b/1
@@ -95,6 +95,7 @@ danbarry
 - bug #2022182 [import, export] Import/Export fails because of Mac files
 - [security] protection against cross-frame scripting and
  new directive AllowThirdPartyFraming, thanks to YGN Ethical Hacker Group
+- [security] possible XSS during setup, thanks to YGN Ethical Hacker Group

 2.11.7.1 (2008-07-15)
 - bug [security] XSRF/CSRF by manipulating the db,
--- a/scripts/setup.php
+++ b/scripts/setup.php
@@ -682,7 +682,7 @@ function show_overview($title, $list, $buttons = '') {
        echo $val[0];
        echo '</div>';
        echo '<div class="data">';
-        echo $val[1];
+        echo htmlspecialchars($val[1]);
        echo '</div>';
        echo '</div>' . "\n";
    }