Merge pull request #1 from silverstripe-security/fixes/ss-2015-016

[ss-2015-016]: Fix XSS in install.php
This commit is contained in:
Ingo Schommer 2015-09-09 09:48:56 +12:00
commit 4c73721bab

View File

@ -202,14 +202,14 @@
<div class="field"> <div class="field">
<label for="admin_username">Email:</label> <label for="admin_username">Email:</label>
<span class="middleColumn"> <span class="middleColumn">
<input type="text" class="text configured-by-env" name="admin[username]" id="admin_username" value="<?php echo $adminConfig['username']; ?>" <?php if($usingEnv && defined('SS_DEFAULT_ADMIN_USERNAME')) echo 'disabled="disabled"' ?>> <input type="text" class="text configured-by-env" name="admin[username]" id="admin_username" value="<?php echo htmlspecialchars($adminConfig['username'], ENT_QUOTES, 'UTF-8'); ?>" <?php if($usingEnv && defined('SS_DEFAULT_ADMIN_USERNAME')) echo 'disabled="disabled"' ?>>
</span> </span>
</div> </div>
<div class="field"> <div class="field">
<label for="admin_password">Password:</label> <label for="admin_password">Password:</label>
<span class="middleColumn"> <span class="middleColumn">
<input type="password" class="text configured-by-env" name="admin[password]" id="admin_password" value="<?php echo $adminConfig['password']; ?>" <?php if($usingEnv && defined('SS_DEFAULT_ADMIN_PASSWORD')) echo 'disabled="disabled"' ?>> <input type="password" class="text configured-by-env" name="admin[password]" id="admin_password" value="<?php echo htmlspecialchars($adminConfig['password'], ENT_QUOTES, 'UTF-8'); ?>" <?php if($usingEnv && defined('SS_DEFAULT_ADMIN_PASSWORD')) echo 'disabled="disabled"' ?>>
</span> </span>
</div> </div>
</div> </div>