fix possible XSS vulnerability in Plugin Manager

The plugin manager echos raw URLs in error messages, this could allow to construct an XSS attack. However the affected form is CSRF protected, so an attacker would require another XSS vulnerability to get the needed token, rendering this attack unneeded. So this should not be exploitable.

fix possible XSS vulnerability in Plugin Manager
9e8bcd5f · Andreas Gohr · 8c4759c9 · 9e8bcd5f
Commit 9e8bcd5f authored 11 years ago by Andreas Gohr
--- a/lib/plugins/plugin/classes/ap_download.class.php
+++ b/lib/plugins/plugin/classes/ap_download.class.php
@@ -24,7 +24,7 @@ class ap_download extends ap_manage {
        ptln('<h2>'.$this->lang['downloading'].'</h2>');

        if ($this->manager->error) {
-            ptln('<div class="error">'.str_replace("\n","<br />",$this->manager->error).'</div>');
+            ptln('<div class="error">'.str_replace("\n","<br />",hsc($this->manager->error)).'</div>');
        } else if (count($this->downloaded) == 1) {
            ptln('<p>'.sprintf($this->lang['downloaded'],$this->downloaded[0]).'</p>');
        } else if (count($this->downloaded)) {   // more than one plugin in the download