phpBMS

Ticket #22: adminsettings_patch.diff

File adminsettings_patch.diff, 1.9 KB (added by jceh, 6 years ago)
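--- a/home/johnny/public_html/phpbms/modules/base/adminsettings.php
+++ b/home/johnny/public_html/phpbms/modules/base/adminsettings.php
@@ -101,19 +101,19 @@
                 <legend>company</legend>
                 <label for="scompany_name">
                         company name<br />
-                        <input id="scompany_name" name="scompany_name" type="text" size="40" maxlength="128" value="<?php echo htmlQuotes($_SESSION["company_name"]) ?>" />
+                        <input id="scompany_name" name="scompany_name" type="text" size="40" maxlength="128" value="<?php echo stripslashes(htmlQuotes($_SESSION["company_name"])) ?>" />
                 </label>
                 <label for="scompany_address">
                         address<br />
-                        <input id="scompany_address" name="scompany_address" type="text" value="<?php echo htmlQuotes($_SESSION["company_address"]) ?>" size="40" maxlength="128" />
+                        <input id="scompany_address" name="scompany_address" type="text" value="<?php echo stripslashes(htmlQuotes($_SESSION["company_address"])) ?>" size="40" maxlength="128" />
                 </label>
                 <label for="scompany_csz">
                         city, state/province and zip/postal code<br />
-                        <input id="scompany_csz" name="scompany_csz" type="text" size="40" maxlength="128"  value="<?php echo htmlQuotes($_SESSION["company_csz"]) ?>" />
+                        <input id="scompany_csz" name="scompany_csz" type="text" size="40" maxlength="128"  value="<?php echo stripslashes(htmlQuotes($_SESSION["company_csz"])) ?>" />
                 </label>
                 <label for="scompany_phone">
                         phone number<br />
-                        <input id="scompany_phone" name="scompany_phone" type="text" value="<?php echo htmlQuotes($_SESSION["company_phone"]) ?>" size="40" maxlength="128" />
+                        <input id="scompany_phone" name="scompany_phone" type="text" value="<?php echo stripslashes(htmlQuotes($_SESSION["company_phone"])) ?>" size="40" maxlength="128" />
                 </label>
         </fieldset>
         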
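Review bot: On new lines 104, 108, 112 and 116 `stripslashes()` is applied to the output of `htmlQuotes()`, so HTML escaping is no longer the last transformation before the value is written into the `value="…"` attribute. `htmlQuotes()` is not visible on this page, so whether a later unslash can disturb what it encoded is unverified; the safer order is to unslash the raw value first and escape last, e.g. `<?php echo htmlQuotes(stripslashes($_SESSION["company_name"])) ?>`, and likewise for the other three fields. Stripping at render time also removes backslashes a user legitimately typed and hides wherever the slashes are being added on save (presumably magic quotes or a second `addslashes()`); correcting that write path would be the more durable fix.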