[security] Self-XSS in setup (host parameter), see PMASA-2011-19

This commit is contained in:
Michal Čihař
2011-12-13 12:42:39 -05:00
committed by Marc Delisle
parent bd3735ba58
commit 0e707906e6
2 changed files with 2 additions and 1 deletions

View File

@@ -425,7 +425,7 @@ class ConfigFile
return htmlspecialchars($verbose);
}
$host = $this->get("Servers/$id/host");
return empty($host) ? 'localhost' : $host;
return empty($host) ? 'localhost' : htmlspecialchars($host);
}
/**