Roundcubemail devel
parent: 9db57c57 | patch | commit | ignore whitespace
thomascube
2005-10-31 dba5f7c44a92c8e6986fa9395536347508145f60 
Prevent from identities XSS


2 files modified
6 ■■■■■ changed files
CHANGELOG 2 ●●●●● patch | view | raw | blame | history
program/steps/settings/save_identity.inc 4 ●●●● patch | view | raw | blame | history 
 CHANGELOG


@@ -68,3 +68,5 @@


- Set default user language from config 'locale_string'


- Added sorting patch for message list


- Make default sort col/order configurable


- Fixed XSS in address book and identities






 program/steps/settings/save_identity.inc


@@ -33,7 +33,7 @@


    if (!isset($_POST[$fname]))


      continue;




    $a_write_sql[] = sprintf("`%s`='%s'", $col, addslashes($_POST[$fname]));


    $a_write_sql[] = sprintf("`%s`='%s'", $col, addslashes(strip_tags($_POST[$fname])));


    }




  if (sizeof($a_write_sql))


@@ -87,7 +87,7 @@


      continue;


    


    $a_insert_cols[] = $DB->quoteIdentifier($col);


    $a_insert_values[] = sprintf("'%s'", addslashes($_POST[$fname]));


    $a_insert_values[] = sprintf("'%s'", addslashes(strip_tags($_POST[$fname])));


    }


    


  if (sizeof($a_insert_cols))