projects / squirrelmail.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: bcb9c67)
More XSS fixes
authorjangliss <jangliss@7612ce4b-ef26-0410-bec9-ea0150e637f0>
Fri, 24 Jan 2003 02:29:49 +0000 (02:29 +0000)
committerjangliss <jangliss@7612ce4b-ef26-0410-bec9-ea0150e637f0>
Fri, 24 Jan 2003 02:29:49 +0000 (02:29 +0000)
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@4467 7612ce4b-ef26-0410-bec9-ea0150e637f0

plugins/mail_fetch/options.php patch | blob | blame | history

diff --git a/plugins/mail_fetch/options.php b/plugins/mail_fetch/options.php
index a6782d227fdf19a3c7668f2e2899f30be07bd712..1ba30642deeeba3b5581f6c60fde4569330ddb9c 100644 (file)
--- a/plugins/mail_fetch/options.php
+++ b/plugins/mail_fetch/options.php
@@ -286,7 +286,7 @@ require_once(SM_PATH . 'include/load_prefs.php');
                     html_tag( 'td',
                         "<INPUT TYPE=\"hidden\" NAME=\"mf_sn\" VALUE=\"$mf_sn\">" .
                         '<INPUT TYPE="hidden" NAME="mf_action" VALUE="confirm_delete">' .
-                        '<br>' . _("Selected Server:") . " <b>$mailfetch_server_[$mf_sn]</b><br>" .
+                        '<br>' . _("Selected Server:") . " <b>" . htmlentities($mailfetch_server_[$mf_sn]) . "</b><br>" .
                         _("Confirm delete of selected server?") . '<br><br>' .
                         '<input type=submit name=submit_mailfetch value="' . _("Confirm Delete") . '">' .
                         '<br></form>' ,
@@ -313,7 +313,7 @@ require_once(SM_PATH . 'include/load_prefs.php');
             html_tag( 'table' ) .
                 html_tag( 'tr',
                     html_tag( 'th', _("Server:"), 'right' ) .
-                    html_tag( 'td', '<input type="text" name="mf_server" value="' . $mailfetch_server_[$mf_sn] . '" size="40">', 'left' )
+                    html_tag( 'td', '<input type="text" name="mf_server" value="' . htmlentities($mailfetch_server_[$mf_sn]) . '" size="40">', 'left' )
                 ) .
                 html_tag( 'tr',
                     html_tag( 'th', _("Port:"), 'right' ) .
@@ -321,7 +321,7 @@ require_once(SM_PATH . 'include/load_prefs.php');
                 ) .
                 html_tag( 'tr',
                     html_tag( 'th', _("Alias:"), 'right' ) .
-                    html_tag( 'td', '<input type="text" name="mf_alias" value="' . $mailfetch_alias_[$mf_sn] . '" size="40">', 'left' )
+                    html_tag( 'td', '<input type="text" name="mf_alias" value="' . htmlentities($mailfetch_alias_[$mf_sn]) . '" size="40">', 'left' )
                 ) .
                 html_tag( 'tr',
                     html_tag( 'th', _("Username:"), 'right' ) .
Unnamed repository; edit this file 'description' to name the repository.