From 31249d932d93c4baed1ffbfcad87bdad814aee04 Mon Sep 17 00:00:00 2001
From: Aleksander Machniak
Date: Sat, 30 May 2020 08:05:37 +0200
Subject: [PATCH] Security: Fix couple of XSS issues in Installer (#7406)
---
CHANGELOG | 1 +
installer/test.php | 8 ++++----
2 files changed, 5 insertions(+), 4 deletions(-)
diff --git a/CHANGELOG b/CHANGELOG
index f65e6573d..1652640bd 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -34,6 +34,7 @@ CHANGELOG Roundcube Webmail
- Fix error when user-configured skin does not exist anymore (#7271)
- Elastic: Fix aspect ratio of a contact photo in mail preview (#7339)
- Fix bug where PDF attachments marked as inline could have not been attached on mail forward (#7382)
+- Security: Fix couple of XSS issues in Installer (#7406)
RELEASE 1.4.4
-------------
diff --git a/installer/test.php b/installer/test.php
index c71f0350f..9e28afb03 100644
--- a/installer/test.php
+++ b/installer/test.php
@@ -139,7 +139,7 @@ if ($RCI->configured) {
else {
$RCI->fail('DSN (write)', $db_error_msg);
echo 'Make sure that the configured database exists and that the user has write privileges
';
- echo 'DSN: ' . $RCI->config['db_dsnw'] . '
';
+ echo 'DSN: ' . rcube::Q($RCI->config['db_dsnw']) . '
';
}
}
else {
@@ -297,15 +297,15 @@ if ($pass == '%p') {
|
- getprop('smtp_port'); ?> |
+ getprop('smtp_port')); ?> |
|
- |
+ |
|
- |
+ |