diff options
| author | Andreas Fischer <bantu@phpbb.com> | 2012-09-08 14:40:35 +0200 |
|---|---|---|
| committer | Andreas Fischer <bantu@phpbb.com> | 2012-09-08 14:42:38 +0200 |
| commit | cc0c378caf9bfc480391a9d11d5a4d78c0df097c (patch) | |
| tree | ae87ef9b15871496200ad2cc60a0a0c93c088f47 /phpBB/install/install_update.php | |
| parent | f2607fc9e80c6f9ad7543b7be5ea6f294aa6c40a (diff) | |
| download | forums-cc0c378caf9bfc480391a9d11d5a4d78c0df097c.tar forums-cc0c378caf9bfc480391a9d11d5a4d78c0df097c.tar.gz forums-cc0c378caf9bfc480391a9d11d5a4d78c0df097c.tar.bz2 forums-cc0c378caf9bfc480391a9d11d5a4d78c0df097c.tar.xz forums-cc0c378caf9bfc480391a9d11d5a4d78c0df097c.zip | |
[ticket/8713] Call htmlspecialchars_decode() on transfer (e.g. ftp) passwords.
PHPBB3-8713
Diffstat (limited to 'phpBB/install/install_update.php')
| -rw-r--r-- | phpBB/install/install_update.php | 18 |
1 files changed, 16 insertions, 2 deletions
diff --git a/phpBB/install/install_update.php b/phpBB/install/install_update.php index 1ecedecce6..8c044550f3 100644 --- a/phpBB/install/install_update.php +++ b/phpBB/install/install_update.php @@ -862,7 +862,14 @@ class install_update extends module $test_connection = false; if ($test_ftp_connection || $submit) { - $transfer = new $method(request_var('host', ''), request_var('username', ''), $request->untrimmed_variable('password', ''), request_var('root_path', ''), request_var('port', ''), request_var('timeout', '')); + $transfer = new $method( + request_var('host', ''), + request_var('username', ''), + htmlspecialchars_decode($request->untrimmed_variable('password', '')), + request_var('root_path', ''), + request_var('port', ''), + request_var('timeout', '') + ); $test_connection = $transfer->open_session(); // Make sure that the directory is correct by checking for the existence of common.php @@ -948,7 +955,14 @@ class install_update extends module } else { - $transfer = new $method(request_var('host', ''), request_var('username', ''), $request->untrimmed_variable('password', ''), request_var('root_path', ''), request_var('port', ''), request_var('timeout', '')); + $transfer = new $method( + request_var('host', ''), + request_var('username', ''), + htmlspecialchars_decode($request->untrimmed_variable('password', '')), + request_var('root_path', ''), + request_var('port', ''), + request_var('timeout', '') + ); $transfer->open_session(); } |