authorthomascube <thomas@roundcube.net>2005-11-01 00:01:40 +0000
committerthomascube <thomas@roundcube.net>2005-11-01 00:01:40 +0000
commitdba5f7c44a92c8e6986fa9395536347508145f60 (patch)
treee90c57be4dd31c14e6bc6b03d85ea5a9ad51ecd2 /program/steps/settings
parent9db57c57feeb113d370e52480c63b6cd00d292b2 (diff)
Prevent XSS through identity fields
Diffstat (limited to 'program/steps/settings')
-rw-r--r--program/steps/settings/save_identity.inc4
1 files changed, 2 insertions, 2 deletions
diff --git a/program/steps/settings/save_identity.inc b/program/steps/settings/save_identity.inc
index 680833d7c..ea186ec12 100644
--- a/program/steps/settings/save_identity.inc
+++ b/program/steps/settings/save_identity.inc
@@ -33,7 +33,7 @@ if ($_POST['_iid'])
if (!isset($_POST[$fname]))
continue;
- $a_write_sql[] = sprintf("`%s`='%s'", $col, addslashes($_POST[$fname]));
+ $a_write_sql[] = sprintf("`%s`='%s'", $col, addslashes(strip_tags($_POST[$fname])));
}
if (sizeof($a_write_sql))
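Review bot: The added `addslashes(strip_tags($_POST[$fname]))` line sanitises on input instead of encoding on output, so a value that carries no tag at all, e.g. `" onmouseover="alert(1)`, survives `strip_tags()` untouched and still executes wherever the identity is later rendered inside an HTML attribute. The durable fix is to store the value as submitted and apply `htmlspecialchars($v, ENT_QUOTES)` at each rendering site (identity list, edit form, composed headers); `strip_tags()` also silently discards legitimate data, since any field containing `<…>`, such as an address written as `Name <user@example.org>`, loses everything between the brackets. If the call is kept as defence in depth, it deserves a comment stating that: `// strip_tags() is only a stopgap; values must still be HTML-escaped when rendered`. The enclosing `if ($_POST['_iid'])` body and the foreach over the identity columns start before this hunk.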
@@ -87,7 +87,7 @@ else
continue;
$a_insert_cols[] = $DB->quoteIdentifier($col);
- $a_insert_values[] = sprintf("'%s'", addslashes($_POST[$fname]));
+ $a_insert_values[] = sprintf("'%s'", addslashes(strip_tags($_POST[$fname])));
}
if (sizeof($a_insert_cols))
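Review bot: The added line still splices the value into SQL with `addslashes()`, which is not a database escaping function (it knows nothing about the connection's character set and is known to be bypassable under some multibyte encodings), so the commit closes one injection class while leaving string-built SQL in place. Two lines above, column names already go through the database layer via `$DB->quoteIdentifier($col)`; if that layer offers value quoting as well, the value should use it, and a parameterised query would be better still. The identical `addslashes(strip_tags(...))` expression is now duplicated in the update path earlier in this file and the insert path here; wrapping it in one small local helper would keep the two paths from drifting apart when the escaping is fixed. The enclosing `else` branch and its loop begin before this hunk.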