From: William Desportes <williamdes@wdes.fr>
Date: Thu, 3 Apr 2025 19:06:36 +0200
Subject: CVE-2024-9101 - Reflected Cross-Site Scripting in entry_chooser.php
Origin: vendor
Forwarded: no
Ref: https://www.redguard.ch/blog/2024/12/19/security-advisory-phpldapadmin/
---
htdocs/entry_chooser.php | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/htdocs/entry_chooser.php b/htdocs/entry_chooser.php
index e2d7bf5..56061cf 100644
--- a/htdocs/entry_chooser.php
+++ b/htdocs/entry_chooser.php
@@ -24,8 +24,13 @@ printf('<h3 class="subtitle">%s</h3>',_('Entry Chooser'));
echo '<script type="text/javascript">';
echo ' function returnDN(dn) {';
-printf(" eval ('o = opener.document.getElementById(\"%s\").%s;');",$request['form'],$request['element']);
-echo ' o.value = dn;';
+echo ' var formElement = opener.document.getElementById("' . htmlspecialchars($request['form'], ENT_QUOTES, 'UTF-8') . '");';
+echo ' if (formElement) {';
+echo ' var elementName = "' . htmlspecialchars($request['element'], ENT_QUOTES, 'UTF-8') . '";';
+echo ' if (formElement[elementName] !== undefined) {';
+echo ' formElement[elementName].value = dn;';
+echo ' }';
+echo ' }';
echo ' close();';
echo ' }';
echo '</script>';
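Review bot: The two added lines that build the `getElementById("…")` argument and the `var elementName = "…"` literal escape the request values with `htmlspecialchars`, which is an HTML escaper and leaves `\` untouched, so inside a `<script>` block (where the browser does not HTML-decode) a `form` value ending in a backslash turns the closing quote into an escape sequence and the string literal runs on to the opening quote of `elementName`, after which the `element` value is emitted as raw JavaScript. Because the `echo` calls add no newlines, an `element` value made only of characters `htmlspecialchars` does not touch (`)`, `;`, `}`, `/`) can close the call, close `returnDN` and append a statement that runs at page load, unless `$request['form']`/`$request['element']` are already restricted before this hunk, which the diff does not show. Emit the values as JavaScript string literals instead: `' var formElement = opener.document.getElementById(' . json_encode($request['form'], JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT) . ');'` and `' var elementName = ' . json_encode($request['element'], JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT) . ';'`, which escapes backslashes and line terminators and, with `JSON_HEX_TAG`, keeps `</script>` out of the output. Since both values only ever name a DOM id and a form field, an allow-list check such as `preg_match('/^[A-Za-z0-9_.\-\[\]]+$/', …)` that aborts on mismatch would be the simpler and stronger fix. The `@@ -24,8 +24,13 @@` counts imply one trailing context line after `</script>` that is not shown here; `returnDN` itself is fully inside the hunk.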