Commit b91f85c9 authored by Dave Cridland, committed by Guus der Kinderen

OF-836 Close off XSS issues

Still present is the DWR case.
parent bfec927b
...@@ -275,7 +275,7 @@ function checkClick() { ...@@ -275,7 +275,7 @@ function checkClick() {
</td> </td>
<td> <td>
<input type="password" name="password" size="20" maxlength="50" <input type="password" name="password" size="20" maxlength="50"
value="<%= ((password!=null) ? password : "") %>"><br> value="<%= ((password!=null) ? StringUtils.escapeForXML(password) : "") %>"><br>
<% if (errors.get("password") != null) { %> <% if (errors.get("password") != null) { %>
<span class="jive-error-text"> <span class="jive-error-text">
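Review bot: The submitted password is still written back into the page in the `value` attribute of the `password` input. Escaping stops markup injection, but the plaintext password remains in the HTML source, where it can be cached or read with view-source. Consider rendering `value=""` for this field after a failed submit and having the admin retype it, which also removes the need to escape here at all.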
...@@ -311,7 +311,7 @@ function checkClick() { ...@@ -311,7 +311,7 @@ function checkClick() {
</td> </td>
<td> <td>
<input type="text" name="email" size="40" maxlength="150" <input type="text" name="email" size="40" maxlength="150"
value="<%= ((email!=null) ? email : currentEmail) %>"><br> value="<%= ((email!=null) ? StringUtils.escapeForXML(email) : StringUtils.escapeForXML(currentEmail)) %>"><br>
<% if (errors.get("email") != null) { %> <% if (errors.get("email") != null) { %>
<span class="jive-error-text"> <span class="jive-error-text">
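Review bot: In the `email` input the escape call is duplicated in both arms of the ternary, so a later edit to one arm can silently drop it. Wrapping the whole expression once, as in `StringUtils.escapeForXML((email!=null) ? email : currentEmail)`, keeps the output encoded whichever branch is taken. It is also worth checking what is rendered when `currentEmail` is null, since the fallback arm has no guard of its own.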
...@@ -330,7 +330,7 @@ function checkClick() { ...@@ -330,7 +330,7 @@ function checkClick() {
</td> </td>
<td> <td>
<input type="password" name="newPassword" size="20" maxlength="50" <input type="password" name="newPassword" size="20" maxlength="50"
value="<%= ((newPassword!=null) ? newPassword : "") %>"><br> value="<%= ((newPassword!=null) ? StringUtils.escapeForXML(newPassword) : "") %>"><br>
<% if (errors.get("newPassword") != null) { %> <% if (errors.get("newPassword") != null) { %>
<span class="jive-error-text"> <span class="jive-error-text">
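Review bot: `newPassword` is emitted inside a double-quoted HTML attribute, so the fix depends on `StringUtils.escapeForXML` encoding `"` as well as `<`, `>` and `&`. Please confirm that in the helper (or add a unit test for a value containing a double quote), because an escaper that only covers element content would still allow breaking out of `value="..."`. A short comment or a dedicated attribute-encoding helper would make the intended output context explicit.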
...@@ -349,7 +349,7 @@ function checkClick() { ...@@ -349,7 +349,7 @@ function checkClick() {
</td> </td>
<td> <td>
<input type="password" name="newPasswordConfirm" size="20" maxlength="50" <input type="password" name="newPasswordConfirm" size="20" maxlength="50"
value="<%= ((newPasswordConfirm!=null) ? newPasswordConfirm : "") %>"><br> value="<%= ((newPasswordConfirm!=null) ? StringUtils.escapeForXML(newPasswordConfirm) : "") %>"><br>
<% if (errors.get("newPasswordConfirm") != null) { %> <% if (errors.get("newPasswordConfirm") != null) { %>
<span class="jive-error-text"> <span class="jive-error-text">
<fmt:message key="setup.admin.settings.valid_confirm" /> <fmt:message key="setup.admin.settings.valid_confirm" />
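Review bot: With `newPasswordConfirm` this is the fourth copy of the same null check plus `StringUtils.escapeForXML(...)` expression in this form. A small page-level helper that takes the value and a default and always returns encoded text would shorten each `value=` line and make it harder for a newly added field to miss the encoding. The commit message notes that the DWR case is still open; a comment or issue reference near the remaining unescaped output would help whoever picks that up.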
......