FSN#39950 PENTEST Reflected XSS in sso parameter

svn path=/Website/branches/v2016.3/; revision=33318
Jos Groot Lipman
2017-03-29 14:45:16 +00:00
parent 36427042bf
commit 220808bd5c


@@ -223,7 +223,7 @@ if (user_key < 0 && sso && sso != "0") // "0" is een hardcoded special case
+ " WHERE fac_idp_code = " + safe.quoted_sql(sso);
var oRs = Oracle.Execute(sql);
if (oRs.Eof)
shared.internal_error("Identity provider '{0}' is not configured for {1}".format(sso, customerId));
shared.internal_error("Identity provider '{0}' is not configured for {1}".format(safe.html(sso), customerId));
var isFACFACinternal = oRs("fac_idp_internal").Value != 0;
var ip_restrict = oRs("fac_idp_ipfilter").Value;
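Review bot: The added `safe.html(sso)` encodes only the first placeholder on the `shared.internal_error` line; `customerId` is still formatted into the same message unencoded, and the hunk does not show where that value comes from. If it can be influenced by the request (for example host name or query string), it should be encoded the same way: `.format(safe.html(sso), safe.html(customerId))`. Encoding at this one call site also leaves every other `shared.internal_error` caller responsible for its own escaping, so it would be more robust to HTML-encode inside `internal_error` at the point of output, or to audit its other callers; that function is not visible here. The enclosing `if (user_key < 0 && sso && sso != "0")` block starts and ends outside the hunk.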