fixed XSS

This commit is contained in:
Roland Gruber 2012-03-03 19:33:26 +00:00
parent e2a912583d
commit 84dfcb203f
1 changed files with 1 additions and 1 deletions

View File

@ -34,7 +34,7 @@ if ($request['attribute']->isReadOnly())
# Render the form # Render the form
if (! strcasecmp($request['attr'],'objectclass') || get_request('meth','REQUEST') != 'ajax') { if (! strcasecmp($request['attr'],'objectclass') || get_request('meth','REQUEST') != 'ajax') {
# Render the form. # Render the form.
$request['page']->drawTitle(sprintf(_('Add new <b>%s</b> value to <b>%s</b>'),$request['attr'],get_rdn($request['dn']))); $request['page']->drawTitle(sprintf(_('Add new <b>%s</b> value to <b>%s</b>'), htmlspecialchars($request['attr']),htmlspecialchars(get_rdn($request['dn']))));
$request['page']->drawSubTitle(); $request['page']->drawSubTitle();
if (! strcasecmp($request['attr'],'objectclass')) { if (! strcasecmp($request['attr'],'objectclass')) {