exclude password fields from being filtered/escaped by AntiXSS, fixes #…

…1150 Signed-off-by: Michael Kaufmann <[email protected]>
froxlor · Jun 8, 2023 · ed72fd1 · ed72fd1
1 parent 826ae36
commit ed72fd1
Showing 1 changed file with 9 additions and 1 deletion.
diff --git a/lib/Froxlor/PhpHelper.php b/lib/Froxlor/PhpHelper.php
@@ -449,7 +449,15 @@ public static function cleanGlobal(array &$global, AntiXSS &$antiXss)
 			'ssl_specialsettings',
 			'default_vhostconf_domain',
 			'ssl_default_vhostconf_domain',
-			'filecontent'
+			'filecontent',
+			'admin_password',
+			'password',
+			'new_customer_password',
+			'privileged_password',
+			'email_password',
+			'directory_password',
+			'ftp_password',
+			'mysql_password',
 		];
 		if (!empty($global)) {
 			$tmp = $global;