Merge pull request #1026 from greezybacon/issue/various-xss

Fix various XSS vulnerabilities

Reviewed-By: Peter Rotich <peter@osticket.com>

include/client/pwreset.login.php

@@ -12,7 +12,7 @@ Enter your username or email address again in the form below and press the
     <div style="width:50%;display:inline-block">
     <?php csrf_token(); ?>
     <input type="hidden" name="do" value="reset"/>
-    <input type="hidden" name="token" value="<?php echo $_REQUEST['token']; ?>"/>
+    <input type="hidden" name="token" value="<?php echo Format::htmlchars($_REQUEST['token']); ?>"/>
     <strong><?php echo Format::htmlchars($banner); ?></strong>
     <br>
     <div>

include/client/register.inc.php

@@ -13,6 +13,7 @@ if (isset($user) && $user instanceof ClientCreateRequest) {
         'username' => $user->getUsername(),
     ));
 }
+$info = Format::htmlchars(($errors && $_POST)?$_POST:$info);
 
 ?>
 <h1>Account Registration</h1>
@@ -22,8 +23,8 @@ your account
 </p>
 <form action="account.php" method="post">
   <?php csrf_token(); ?>
-  <input type="hidden" name="do" value="<?php echo $_REQUEST['do']
-    ?: ($info['backend'] ? 'import' :'create'); ?>" />
+  <input type="hidden" name="do" value="<?php echo Format::htmlchars($_REQUEST['do']
+    ?: ($info['backend'] ? 'import' :'create')); ?>" />
 <table width="800" class="padded">
 <tbody>
 <?php

include/staff/dynamic-list.inc.php

@@ -19,7 +19,7 @@ $info=Format::htmlchars(($errors && $_POST)?$_POST:$info);
 <form action="?" method="post" id="save">
     <?php csrf_token(); ?>
     <input type="hidden" name="do" value="<?php echo $action; ?>">
-    <input type="hidden" name="a" value="<?php echo $_REQUEST['a']; ?>">
+    <input type="hidden" name="a" value="<?php echo Format::htmlchars($_REQUEST['a']); ?>">
     <input type="hidden" name="id" value="<?php echo $info['id']; ?>">
     <h2>Custom List</h2>