Commit 9a0b6945 authored by Peter Rotich

Merge pull request #1026 from greezybacon/issue/various-xss


Fix various XSS vulnerabilities

Reviewed-By: Peter Rotich <peter@osticket.com>
parents 621fd275 29b1c153
...@@ -12,7 +12,7 @@ Enter your username or email address again in the form below and press the ...@@ -12,7 +12,7 @@ Enter your username or email address again in the form below and press the
<div style="width:50%;display:inline-block"> <div style="width:50%;display:inline-block">
<?php csrf_token(); ?> <?php csrf_token(); ?>
<input type="hidden" name="do" value="reset"/> <input type="hidden" name="do" value="reset"/>
<input type="hidden" name="token" value="<?php echo $_REQUEST['token']; ?>"/> <input type="hidden" name="token" value="<?php echo Format::htmlchars($_REQUEST['token']); ?>"/>
<strong><?php echo Format::htmlchars($banner); ?></strong> <strong><?php echo Format::htmlchars($banner); ?></strong>
<br> <br>
<div> <div>
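Review bot: The escaped token on the `value="..."` hidden input only closes the attribute break-out if `Format::htmlchars` encodes double quotes (ENT_QUOTES or ENT_COMPAT); its definition is outside this diff, so confirm it rather than assume — with ENT_NOQUOTES a `"` inside `token` would still terminate the attribute. The value is read from `$_REQUEST`, so it also arrives via the GET query string, which is expected for a reset link but means a request without a token raises an undefined-index notice before escaping; `Format::htmlchars(isset($_REQUEST['token']) ? $_REQUEST['token'] : '')` keeps the output identical for the normal path. The enclosing form starts before the hunk.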
......
...@@ -13,6 +13,7 @@ if (isset($user) && $user instanceof ClientCreateRequest) { ...@@ -13,6 +13,7 @@ if (isset($user) && $user instanceof ClientCreateRequest) {
'username' => $user->getUsername(), 'username' => $user->getUsername(),
)); ));
} }
$info = Format::htmlchars(($errors && $_POST)?$_POST:$info);
?> ?>
<h1>Account Registration</h1> <h1>Account Registration</h1>
...@@ -22,8 +23,8 @@ your account ...@@ -22,8 +23,8 @@ your account
</p> </p>
<form action="account.php" method="post"> <form action="account.php" method="post">
<?php csrf_token(); ?> <?php csrf_token(); ?>
<input type="hidden" name="do" value="<?php echo $_REQUEST['do'] <input type="hidden" name="do" value="<?php echo Format::htmlchars($_REQUEST['do']
?: ($info['backend'] ? 'import' :'create'); ?>" /> ?: ($info['backend'] ? 'import' :'create')); ?>" />
<table width="800" class="padded"> <table width="800" class="padded">
<tbody> <tbody>
<?php <?php
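Review bot: The added `$info = Format::htmlchars(($errors && $_POST)?$_POST:$info);` HTML-encodes the whole `$info` array at the top of the template, so every later echo of `$info[...]` in this file must now be a raw echo — any remaining `Format::htmlchars($info['x'])` further down would double-encode (`O'Brien` would render with `&amp;#039;`). A comment above the line would keep the next maintainer from re-escaping: `// $info is HTML-escaped from here on; echo its values without re-escaping.` Note also that on a validation error the values that appear to be populated from `$user` just above (e.g. the `username` entry) are replaced wholesale by the escaped POST array, so the prefill only survives if the form reposts those fields. The `do` default still uses `?:`, which treats a posted `do` of `'0'` as absent and does not silence the undefined-index notice when `do` is missing; `isset($_REQUEST['do']) && $_REQUEST['do'] !== ''` is the stricter guard. The form body continues outside the hunk.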
......
...@@ -19,7 +19,7 @@ $info=Format::htmlchars(($errors && $_POST)?$_POST:$info); ...@@ -19,7 +19,7 @@ $info=Format::htmlchars(($errors && $_POST)?$_POST:$info);
<form action="?" method="post" id="save"> <form action="?" method="post" id="save">
<?php csrf_token(); ?> <?php csrf_token(); ?>
<input type="hidden" name="do" value="<?php echo $action; ?>"> <input type="hidden" name="do" value="<?php echo $action; ?>">
<input type="hidden" name="a" value="<?php echo $_REQUEST['a']; ?>"> <input type="hidden" name="a" value="<?php echo Format::htmlchars($_REQUEST['a']); ?>">
<input type="hidden" name="id" value="<?php echo $info['id']; ?>"> <input type="hidden" name="id" value="<?php echo $info['id']; ?>">
<h2>Custom List</h2> <h2>Custom List</h2>
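Review bot: `$action` on the `do` hidden input is still echoed unescaped while the neighbouring `a` field now is; its assignment is outside the hunk, so if it is derived from `$_REQUEST` the way `a` is, it is the same attribute-injection vector this commit fixes. Escaping it is harmless when it is a fixed string, so the consistent line is `<input type="hidden" name="do" value="<?php echo Format::htmlchars($action); ?>">`. `$info['id']` on the next line is covered by the `Format::htmlchars` applied to `$info` in the hunk's context line. The enclosing form continues past the hunk.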
......