From 56070d6289d47ba3f5918885954dcceb75606001 Mon Sep 17 00:00:00 2001 From: bzapiec Date: Mon, 4 Jun 2018 14:03:39 +0200 Subject: [PATCH] (see #14) escape html entities for uid to avoid code execution --- gosa-core/html/password.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gosa-core/html/password.php b/gosa-core/html/password.php index 0b93bf955..7492667b8 100644 --- a/gosa-core/html/password.php +++ b/gosa-core/html/password.php @@ -305,7 +305,7 @@ $smarty->assign('params', $params); /* Fill template with required values */ $smarty->assign('date', gmdate("D, d M Y H:i:s")); -$smarty->assign('uid', $uid); +$smarty->assign('uid', set_post($uid)); $smarty->assign('password_img', get_template_path('images/password.png')); /* Displasy SSL mode warning? */ -- 2.11.0