Description: Fix multiple Cross-Site Scripting vulnerabilities in file htdocs/entry_chooser.php. Author: Ismail Belkacim Bug-Ubuntu: https://bugs.launchpad.net/bugs/1701731 --- This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ Index: phpldapadmin-1.2.2/htdocs/entry_chooser.php =================================================================== --- phpldapadmin-1.2.2.orig/htdocs/entry_chooser.php +++ phpldapadmin-1.2.2/htdocs/entry_chooser.php @@ -15,9 +15,9 @@ $www['page'] = new page(); $request = array(); $request['container'] = get_request('container','GET'); -$request['form'] = get_request('form','GET'); -$request['element'] = get_request('element','GET'); -$request['rdn'] = get_request('rdn','GET'); +$request['form'] = htmlspecialchars(addslashes(get_request('form','GET'))); +$request['element'] = htmlspecialchars(addslashes(get_request('element','GET'))); +$request['rdn'] = htmlspecialchars(addslashes(get_request('rdn','GET'))); echo '