Description: Security patch
 Fix for two XSS.
 .
 ldap-account-manager (3.6-2) unstable; urgency=high
 .
   * Fix "Multiple vulnerabilities"
     Replace special characters in HTML output. (Closes: #661904)
Author: Roland Gruber <post@rolandgruber.de>
Bug-Debian: http://bugs.debian.org/661904

---
The information above should follow the Patch Tagging Guidelines; please
check out http://dep.debian.net/deps/dep3/ to learn about the format. Here
are templates for supplementary fields that you might want to add:

Origin: <vendor|upstream|other>, <url of original patch>
Bug: <url in upstream bugtracker>
Bug-Debian: http://bugs.debian.org/<bugnumber>
Bug-Ubuntu: https://launchpad.net/bugs/<bugnumber>
Forwarded: <no|not-needed|url proving that it has been forwarded>
Reviewed-By: <name and email of someone who approved the patch>
Last-Update: <YYYY-MM-DD>

--- ldap-account-manager-3.6.orig/templates/3rdParty/pla/htdocs/export.php
+++ ldap-account-manager-3.6/templates/3rdParty/pla/htdocs/export.php
@@ -29,12 +29,12 @@ if ($request['file']) {
 
 	header('Content-type: application/download');
 	header(sprintf('Content-Disposition: inline; filename="%s.%s"','export',$types['extension'].($request['export']->isCompressed() ? '.gz' : '')));
-	$request['export']->export();
+	echo $request['export']->export();
 	die();
 
 } else {
 	print '<span style="font-size: 14px; font-family: courier;"><pre>';
-	$request['export']->export();
+	echo htmlspecialchars($request['export']->export());
 	print '</pre></span>';
 }
 ?>
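Review bot: The new `htmlspecialchars` call on the preview branch relies on PHP's default flags and charset, so its behaviour depends on the interpreter version the package is built against (the default charset became UTF-8 in 5.4, where an invalid byte sequence makes the call return an empty string and silently blanks the preview); pass them explicitly, `echo htmlspecialchars($request['export']->export(), ENT_QUOTES, 'UTF-8');`. The same applies to the two new calls in add_value_form.php. Separately, if `isCompressed()` can be true when `$request['file']` is not set, the gzip bytes now flow through `htmlspecialchars` into the `<pre>` block; nothing in the hunk shows the preview branch guarding against that, so it is worth confirming.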
--- ldap-account-manager-3.6.orig/templates/3rdParty/pla/htdocs/add_value_form.php
+++ ldap-account-manager-3.6/templates/3rdParty/pla/htdocs/add_value_form.php
@@ -34,7 +34,7 @@ if ($request['attribute']->isReadOnly())
 # Render the form
 if (! strcasecmp($request['attr'],'objectclass') || get_request('meth','REQUEST') != 'ajax') {
 	# Render the form.
-	$request['page']->drawTitle(sprintf(_('Add new <b>%s</b> value to <b>%s</b>'),$request['attr'],get_rdn($request['dn'])));
+	$request['page']->drawTitle(sprintf(_('Add new <b>%s</b> value to <b>%s</b>'),htmlspecialchars($request['attr']),htmlspecialchars(get_rdn($request['dn']))));
 	$request['page']->drawSubTitle();
 
 	if (! strcasecmp($request['attr'],'objectclass')) {
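Review bot: The escaping is applied at this single drawTitle call site, so any other caller that passes request-derived data into drawTitle keeps the original exposure. Since the format string deliberately carries `<b>` markup, drawTitle cannot escape its argument wholesale, which makes a contract comment above drawTitle the practical safeguard, e.g. `# $title is emitted as raw HTML; callers must escape every user-controlled part`. Whether drawTitle already documents this is not visible here. The enclosing `if` block continues past the hunk.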
--- ldap-account-manager-3.6.orig/templates/3rdParty/pla/lib/export_functions.php
+++ ldap-account-manager-3.6/templates/3rdParty/pla/lib/export_functions.php
@@ -318,9 +318,9 @@ class ExportCSV extends Export {
 		}
 
 		if ($this->compress)
-			echo gzencode($output);
+			return gzencode($output);
 		else
-			echo $output;
+			return $output;
 	}
 
 	/**
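Review bot: `export()` changes from writing to the output stream to returning the document, but the hunk does not touch the method's docblock (which starts above the hunk), so the return contract is undocumented; add `@return string the export, gzip-encoded when compression is enabled (false if gzencode() fails)`. The same applies to the ExportDSML, ExportLDIF and ExportVCARD hunks below. Any caller other than export.php that still relies on the old echo behaviour would now produce no output, which should be checked before merging. Minor style: the `else` after a `return` is redundant; `if ($this->compress) return gzencode($output); return $output;`.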
@@ -422,9 +422,9 @@ class ExportDSML extends Export {
 		$output .= sprintf('</dsml>%s',$this->br);
 
 		if ($this->compress)
-			echo gzencode($output);
+			return gzencode($output);
 		else
-			echo $output;
+			return $output;
 	}
 }
 
@@ -500,9 +500,9 @@ class ExportLDIF extends Export {
 		}
 
 		if ($this->compress)
-			echo gzencode($output);
+			return gzencode($output);
 		else
-			echo $output;
+			return $output;
 	}
 
 	/**
@@ -627,9 +627,9 @@ class ExportVCARD extends Export {
 		}
 
 		if ($this->compress)
-			echo gzencode($output);
+			return gzencode($output);
 		else
-			echo $output;
+			return $output;
 	}
 }
 ?>
