From: Jonathan A. <jan...@us...> - 2003-01-24 02:29:52
Update of /cvsroot/squirrelmail/squirrelmail/plugins/mail_fetch
In directory sc8-pr-cvs1:/tmp/cvs-serv21131/plugins/mail_fetch
Modified Files: options.php
Log Message: More XSS fixes
Index: options.php
===================================================================
RCS file: /cvsroot/squirrelmail/squirrelmail/plugins/mail_fetch/options.php,v
retrieving revision 1.17
retrieving revision 1.18
diff -u -w -r1.17 -r1.18
--- options.php 23 Jan 2003 22:32:24 -0000 1.17
+++ options.php 24 Jan 2003 02:29:49 -0000 1.18
@@ -286,7 +286,7 @@
 html_tag( 'td',
 "<INPUT TYPE=\"hidden\" NAME=\"mf_sn\" VALUE=\"$mf_sn\">" .
 '<INPUT TYPE="hidden" NAME="mf_action" VALUE="confirm_delete">' .
- '<br>' . _("Selected Server:") . " <b>$mailfetch_server_[$mf_sn]</b><br>" .
+ '<br>' . _("Selected Server:") . " <b>" . htmlentities($mailfetch_server_[$mf_sn]) . "</b><br>" .
 _("Confirm delete of selected server?") . '<br><br>' .
 '<input type=submit name=submit_mailfetch value="' . _("Confirm Delete") . '">' .
 '<br></form>' ,
@@ -313,7 +313,7 @@
 html_tag( 'table' ) .
 html_tag( 'tr',
 html_tag( 'th', _("Server:"), 'right' ) .
- html_tag( 'td', '<input type="text" name="mf_server" value="' . $mailfetch_server_[$mf_sn] . '" size="40">', 'left' )
+ html_tag( 'td', '<input type="text" name="mf_server" value="' . htmlentities($mailfetch_server_[$mf_sn]) . '" size="40">', 'left' )
 ) .
 html_tag( 'tr',
 html_tag( 'th', _("Port:"), 'right' ) .
@@ -321,7 +321,7 @@
 ) .
 html_tag( 'tr',
 html_tag( 'th', _("Alias:"), 'right' ) .
- html_tag( 'td', '<input type="text" name="mf_alias" value="' . $mailfetch_alias_[$mf_sn] . '" size="40">', 'left' )
+ html_tag( 'td', '<input type="text" name="mf_alias" value="' . htmlentities($mailfetch_alias_[$mf_sn]) . '" size="40">', 'left' )
 ) .
 html_tag( 'tr',
 html_tag( 'th', _("Username:"), 'right' ) .
|
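Review bot: The hidden `mf_sn` field in the `@@ -286,7` hunk, two lines above the changed line, still interpolates `$mf_sn` into `VALUE=\"$mf_sn\"` without encoding, and the same variable indexes `$mailfetch_server_`. Where `$mf_sn` is populated is not visible in this hunk; if it can come from the request, it should be constrained to an integer before use or encoded on output, for example `VALUE=\"" . htmlentities($mf_sn) . "\"`. The enclosing `html_tag()` expression begins and ends outside the hunk, so other interpolated values in the same form may need the same check.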
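Review bot: Only the Server and Alias inputs are encoded in the `@@ -313,7` and `@@ -321,7` hunks. The Port cell (old line 320, which falls between the two hunks) and the Username cell after the last context line are not shown, so this diff does not confirm that their `value="..."` attributes are handled the same way. If they echo stored preferences in the same manner, they should be wrapped in `htmlentities()` as well. In PHP of this era the default `htmlentities()` flag (`ENT_COMPAT`) leaves single quotes unencoded, which is sufficient here only because each attribute is delimited with double quotes. A short comment such as `// attribute is double-quoted; default htmlentities() flags cover it` would keep that assumption visible to whoever edits the markup later.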