Fix an XSS issue in install.php
jbtronics committed Jan 19, 2022
1 parent 5b9f07c commit 91e567d
Showing 1 changed file with 4 additions and 4 deletions.
8 changes: 4 additions & 4 deletions install.php
@@ -155,7 +155,7 @@
$config['installation_complete']['database'] = true; // database settings successful set
$config['installation_complete']['db_backup_path'] = true; //Workaround, because we removed the dialog for this
} catch (Exception $e) {
$messages[] = array('text' => nl2br($e->getMessage()), 'strong' => true, 'color' => 'red');
$messages[] = array('text' => nl2br(htmlentities($e->getMessage())), 'strong' => true, 'color' => 'red');
}
break;

@@ -166,7 +166,7 @@

$config['installation_complete']['db_backup_path'] = true; // database backup path successful set
} catch (Exception $e) {
$messages[] = array('text' => nl2br($e->getMessage()), 'strong' => true, 'color' => 'red');
$messages[] = array('text' => nl2br(htmlentities($e->getMessage())), 'strong' => true, 'color' => 'red');
}
break;

@@ -179,7 +179,7 @@
try {
saveConfig();
} catch (Exception $e) {
$messages[] = array('text' => nl2br($e->getMessage()), 'strong' => true, 'color' => 'red');
$messages[] = array('text' => nl2br(htmlentities($e->getMessage())), 'strong' => true, 'color' => 'red');
$fatal_error = true;
}

@@ -228,7 +228,7 @@
$tmpl_site_to_show = 'finish';
}
} catch (Exception $e) {
$messages[] = array('text' => nl2br($e->getMessage()), 'strong' => true, 'color' => 'red');
$messages[] = array('text' => nl2br(htmlspecialchars($e->getMessage())), 'strong' => true, 'color' => 'red');
$fatal_error = true;
}
}
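Review bot: The escaping is not uniform across the four catch blocks and relies on defaults: the first three call `htmlentities($e->getMessage())` while the last one (hunk at 228) calls `htmlspecialchars(...)`, and none passes flags or a charset. On PHP before 8.1 the default flags leave single quotes unescaped, and without `ENT_SUBSTITUTE` a message containing invalid UTF-8 (driver errors can arrive in a local encoding) comes back as an empty string, so the installer would show a blank error. I would use one explicit form at all four sites: `nl2br(htmlspecialchars($e->getMessage(), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'))`. Since `'text'` is evidently rendered as HTML, any other `$messages[]` entries that carry exception or request data presumably need the same treatment; the enclosing switch and try blocks begin outside the visible hunks, so this could not be checked here.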