Diffstat (limited to 'net-nds/phpldapadmin/files/phpldapadmin-1.2.2-base.patch')
-rw-r--r--net-nds/phpldapadmin/files/phpldapadmin-1.2.2-base.patch34
1 files changed, 34 insertions, 0 deletions
diff --git a/net-nds/phpldapadmin/files/phpldapadmin-1.2.2-base.patch b/net-nds/phpldapadmin/files/phpldapadmin-1.2.2-base.patch
new file mode 100644
index 000000000000..bff3c6268556
--- /dev/null
+++ b/net-nds/phpldapadmin/files/phpldapadmin-1.2.2-base.patch
@@ -0,0 +1,34 @@
+From 7dc8d57d6952fe681cb9e8818df7f103220457bd Mon Sep 17 00:00:00 2001
+From: Deon George <wurley@users.sf.net>
+Date: Tue, 24 Jan 2012 12:37:28 +1100
+Subject: [PATCH] SF Bug #3477910 - XSS vulnerability in query
+
+---
+ lib/QueryRender.php | 4 ++--
+ 1 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/lib/QueryRender.php b/lib/QueryRender.php
+index 291ec40..685f3ba 100644
+--- a/lib/QueryRender.php
++++ b/lib/QueryRender.php
+@@ -497,7 +497,7 @@ class QueryRender extends PageRender {
+ $this->getAjaxRef($base),
+ $this->getAjaxRef($base),
+ ($show == $this->getAjaxRef($base) ? '#F0F0F0' : '#E0E0E0'),
+- $base);
++ htmlspecialchars($base));
+ }
+ echo '</tr>';
+ echo '</table>';
+@@ -545,7 +545,7 @@ class QueryRender extends PageRender {
+ echo ' ]</small>';
+
+ echo '<br />';
+- printf('<small>%s: <b>%s</b></small>',_('Base DN'),$base);
++ printf('<small>%s: <b>%s</b></small>',_('Base DN'),htmlspecialchars($base));
+
+ echo '<br />';
+ printf('<small>%s: <b>%s</b></small>',_('Filter performed'),htmlspecialchars($this->template->resultsdata[$base]['filter']));
+--
+1.7.4.1
+
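Review bot: In the first lib/QueryRender.php hunk (near line 497) only the trailing `$base` argument is escaped, while the two `$this->getAjaxRef($base)` values built from the same input are still passed to the printf as they are. Neither the format string nor getAjaxRef() is visible in the hunk, so it should be confirmed that getAjaxRef() returns something safe for the attribute or script context those placeholders sit in. Both new calls also use `htmlspecialchars($base)` with default flags and charset, which on PHP before 5.4 leaves single quotes unescaped and assumes ISO-8859-1. If the page is served as UTF-8, `htmlspecialchars($base, ENT_QUOTES, 'UTF-8')` would make the escaping independent of runtime defaults and of whether the value ends up inside a quoted attribute. The `<b>%s</b>` use in the second hunk is element content, so the default is adequate there.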