Browse code
Fix XSS when deleting cert
Hanno Böck authored on 02/07/2022 20:36:21
Showing 1 changed files
| ... | ... |
@@ -15,6 +15,7 @@ Nevertheless, in case you use a significant part of this code, we ask (but not r |
| 15 | 15 |
*/ |
| 16 | 16 |
|
| 17 | 17 |
require_once("certs.php");
|
| 18 |
+require_once("inc/security.php");
|
|
| 18 | 19 |
require_role(ROLE_SYSTEMUSER); |
| 19 | 20 |
|
| 20 | 21 |
$section = 'vhosts_certs'; |
| ... | ... |
@@ -118,7 +119,7 @@ if ($_GET['action'] == 'new') {
|
| 118 | 119 |
$cert = cert_details($_GET['id']); |
| 119 | 120 |
$sure = user_is_sure(); |
| 120 | 121 |
if ($sure === null) {
|
| 121 |
- are_you_sure("action=delete&id={$cert['id']}", "Soll das Zertifikat für »{$cert['subject']}« (gültig von {$cert['valid_from']} bis {$cert['valid_until']}) wirklich entfernt werden?");
|
|
| 122 |
+ are_you_sure("action=delete&id={$cert['id']}", "Soll das Zertifikat für »".filter_output_html($cert['subject'])."« (gültig von {$cert['valid_from']} bis {$cert['valid_until']}) wirklich entfernt werden?");
|
|
| 122 | 123 |
} elseif ($sure === false) {
|
| 123 | 124 |
header('Location: certs');
|
| 124 | 125 |
die(); |