From ed72fd1766ebb3e729f109e1ce45238acc89c7bd Mon Sep 17 00:00:00 2001
From: Michael Kaufmann
Date: Thu, 8 Jun 2023 12:13:24 +0200
Subject: [PATCH] exclude password fields from being filtered/escaped by AntiXSS, fixes #1150
Signed-off-by: Michael Kaufmann
---
 lib/Froxlor/PhpHelper.php | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/lib/Froxlor/PhpHelper.php b/lib/Froxlor/PhpHelper.php
index f5ee808938..7e08e2b568 100644
--- a/lib/Froxlor/PhpHelper.php
+++ b/lib/Froxlor/PhpHelper.php
@@ -449,7 +449,15 @@ public static function cleanGlobal(array &$global, AntiXSS &$antiXss)
 'ssl_specialsettings',
 'default_vhostconf_domain',
 'ssl_default_vhostconf_domain',
- 'filecontent'
+ 'filecontent',
+ 'admin_password',
+ 'password',
+ 'new_customer_password',
+ 'privileged_password',
+ 'email_password',
+ 'directory_password',
+ 'ftp_password',
+ 'mysql_password',
 ];
 if (!empty($global)) {
 $tmp = $global;
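Review bot: The eight password keys added to the exclusion list in cleanGlobal() are listed by bare field name, so a request value under `password`, `ftp_password` and the rest presumably now reaches the application unfiltered whichever form or API call it arrives through. Skipping the filter is reasonable for secrets, since altering the characters would silently change the password, but it makes every consumer responsible for treating these values as raw: hash them or hand them to the backend, and never write them back into HTML (for example when re-populating a form after a validation error) or into logs without escaping for that context. I would state that contract directly above the new entries, e.g. `// raw secrets, exempt from AntiXSS: never render or log these values unescaped`. The rest of cleanGlobal() lies outside this hunk, so I cannot confirm how the list is matched; if it is an exact key comparison, a test asserting that each password form field appears here would keep the list from drifting when a new field is added.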