[ss-2015-016]: Fix XSS in install.php

This commit is contained in:
Damian Mooyman 2015-09-08 10:04:21 +12:00
parent 92f9af1984
commit d8fd64c3e2

View File

@ -202,14 +202,14 @@
<div class="field">
<label for="admin_username">Email:</label>
<span class="middleColumn">
<input type="text" class="text configured-by-env" name="admin[username]" id="admin_username" value="<?php echo $adminConfig['username']; ?>" <?php if($usingEnv && defined('SS_DEFAULT_ADMIN_USERNAME')) echo 'disabled="disabled"' ?>>
<input type="text" class="text configured-by-env" name="admin[username]" id="admin_username" value="<?php echo htmlspecialchars($adminConfig['username'], ENT_QUOTES, 'UTF-8'); ?>" <?php if($usingEnv && defined('SS_DEFAULT_ADMIN_USERNAME')) echo 'disabled="disabled"' ?>>
</span>
</div>
<div class="field">
<label for="admin_password">Password:</label>
<span class="middleColumn">
<input type="password" class="text configured-by-env" name="admin[password]" id="admin_password" value="<?php echo $adminConfig['password']; ?>" <?php if($usingEnv && defined('SS_DEFAULT_ADMIN_PASSWORD')) echo 'disabled="disabled"' ?>>
<input type="password" class="text configured-by-env" name="admin[password]" id="admin_password" value="<?php echo htmlspecialchars($adminConfig['password'], ENT_QUOTES, 'UTF-8'); ?>" <?php if($usingEnv && defined('SS_DEFAULT_ADMIN_PASSWORD')) echo 'disabled="disabled"' ?>>
</span>
</div>
</div>