diff options
| author | Andreas Fischer <bantu@phpbb.com> | 2012-09-08 14:40:35 +0200 |
|---|---|---|
| committer | Andreas Fischer <bantu@phpbb.com> | 2012-09-08 14:42:38 +0200 |
| commit | cc0c378caf9bfc480391a9d11d5a4d78c0df097c (patch) | |
| tree | ae87ef9b15871496200ad2cc60a0a0c93c088f47 /phpBB/includes | |
| parent | f2607fc9e80c6f9ad7543b7be5ea6f294aa6c40a (diff) | |
| download | forums-cc0c378caf9bfc480391a9d11d5a4d78c0df097c.tar forums-cc0c378caf9bfc480391a9d11d5a4d78c0df097c.tar.gz forums-cc0c378caf9bfc480391a9d11d5a4d78c0df097c.tar.bz2 forums-cc0c378caf9bfc480391a9d11d5a4d78c0df097c.tar.xz forums-cc0c378caf9bfc480391a9d11d5a4d78c0df097c.zip | |
[ticket/8713] Call htmlspecialchars_decode() on transfer (e.g. ftp) passwords.
PHPBB3-8713
Diffstat (limited to 'phpBB/includes')
| -rw-r--r-- | phpBB/includes/acp/acp_language.php | 27 |
1 files changed, 24 insertions, 3 deletions
diff --git a/phpBB/includes/acp/acp_language.php b/phpBB/includes/acp/acp_language.php index b5f5ba2312..2be1ccfc41 100644 --- a/phpBB/includes/acp/acp_language.php +++ b/phpBB/includes/acp/acp_language.php @@ -100,11 +100,25 @@ class acp_language switch ($method) { case 'ftp': - $transfer = new ftp(request_var('host', ''), request_var('username', ''), $request->untrimmed_variable('password', ''), request_var('root_path', ''), request_var('port', ''), request_var('timeout', '')); + $transfer = new ftp( + request_var('host', ''), + request_var('username', ''), + htmlspecialchars_decode($request->untrimmed_variable('password', '')), + request_var('root_path', ''), + request_var('port', ''), + request_var('timeout', '') + ); break; case 'ftp_fsock': - $transfer = new ftp_fsock(request_var('host', ''), request_var('username', ''), $request->untrimmed_variable('password', ''), request_var('root_path', ''), request_var('port', ''), request_var('timeout', '')); + $transfer = new ftp_fsock( + request_var('host', ''), + request_var('username', ''), + htmlspecialchars_decode($request->untrimmed_variable('password', '')), + request_var('root_path', ''), + request_var('port', ''), + request_var('timeout', '') + ); break; default: @@ -404,7 +418,14 @@ class acp_language trigger_error($user->lang['INVALID_UPLOAD_METHOD'], E_USER_ERROR); } - $transfer = new $method(request_var('host', ''), request_var('username', ''), $request->untrimmed_variable('password', ''), request_var('root_path', ''), request_var('port', ''), request_var('timeout', '')); + $transfer = new $method( + request_var('host', ''), + request_var('username', ''), + htmlspecialchars_decode($request->untrimmed_variable('password', '')), + request_var('root_path', ''), + request_var('port', ''), + request_var('timeout', '') + ); if (($result = $transfer->open_session()) !== true) { |