From 1c0aeb0e9fb730b46d29bbaff50ecfe62348d53d Mon Sep 17 00:00:00 2001
From: Roland Gruber <post@rolandgruber.de>
Date: Tue, 20 Mar 2012 20:44:24 +0000
Subject: [PATCH] additional checks

---
 lam/templates/pdfedit/pdfmain.php      | 4 ++--
 lam/templates/profedit/profilemain.php | 6 +++---
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/lam/templates/pdfedit/pdfmain.php b/lam/templates/pdfedit/pdfmain.php
index fd97abc0..4f699d4b 100644
--- a/lam/templates/pdfedit/pdfmain.php
+++ b/lam/templates/pdfedit/pdfmain.php
@@ -64,7 +64,7 @@ if (!$_SESSION['ldap'] || !$_SESSION['ldap']->server()) {
 
 // check if new template should be created
 if(isset($_POST['createNewTemplate'])) {
-	metaRefresh('pdfpage.php?type=' . $_POST['scope']);
+	metaRefresh('pdfpage.php?type=' . htmlspecialchars($_POST['scope']));
 	exit();
 }
 
@@ -110,7 +110,7 @@ for ($i = 0; $i < sizeof($templateClasses); $i++) {
 // check if a template should be edited
 for ($i = 0; $i < sizeof($templateClasses); $i++) {
 	if (isset($_POST['editTemplate_' . $templateClasses[$i]['scope']]) || isset($_POST['editTemplate_' . $templateClasses[$i]['scope'] . '_x'])) {
-		metaRefresh('pdfpage.php?type=' . $templateClasses[$i]['scope'] . '&edit=' . $_POST['template_' . $templateClasses[$i]['scope']]);
+		metaRefresh('pdfpage.php?type=' . htmlspecialchars($templateClasses[$i]['scope']) . '&edit=' . htmlspecialchars($_POST['template_' . $templateClasses[$i]['scope']]));
 		exit;
 	}
 }
diff --git a/lam/templates/profedit/profilemain.php b/lam/templates/profedit/profilemain.php
index e2640122..41649f3c 100644
--- a/lam/templates/profedit/profilemain.php
+++ b/lam/templates/profedit/profilemain.php
@@ -69,14 +69,14 @@ if (!$_SESSION['ldap'] || !$_SESSION['ldap']->server()) {
 
 // check if new profile should be created
 elseif (isset($_POST['createProfileButton'])) {
-	metaRefresh("profilepage.php?type=" . $_POST['createProfile']);
+	metaRefresh("profilepage.php?type=" . htmlspecialchars($_POST['createProfile']));
 	exit;
 }
 // check if a profile should be edited
 for ($i = 0; $i < sizeof($profileClasses); $i++) {
 	if (isset($_POST['editProfile_' . $profileClasses[$i]['scope']]) || isset($_POST['editProfile_' . $profileClasses[$i]['scope'] . '_x'])) {
-		metaRefresh("profilepage.php?type=" . $profileClasses[$i]['scope'] .
-					"&amp;edit=" . $_POST['profile_' . $profileClasses[$i]['scope']]);
+		metaRefresh("profilepage.php?type=" . htmlspecialchars($profileClasses[$i]['scope']) .
+					"&amp;edit=" . htmlspecialchars($_POST['profile_' . $profileClasses[$i]['scope']]));
 		exit;
 	}
 }