s3 swat: Fix possible XSS attack (bug #8289)

[samba.git] / source3 / web / swat.c

diff --git a/source3/web/swat.c b/source3/web/swat.c
index 4bfb731814807847171953f688226fda824c8074..ac5787bf1fcfb1cc35a3c423cbe50d6277040355 100644 (file)
--- a/source3/web/swat.c
+++ b/source3/web/swat.c
@@ -1121,11 +1121,9 @@ static void chg_passwd(void)
        if(cgi_variable(CHG_S_PASSWD_FLAG)) {
                printf("<p>");
                if (rslt == True) {
-                       printf(_(" The passwd for '%s' has been changed."), cgi_variable_nonull(SWAT_USER));
-                       printf("\n");
+                       printf("%s\n", _(" The passwd has been changed."));
                } else {
-                       printf(_(" The passwd for '%s' has NOT been changed."), cgi_variable_nonull(SWAT_USER));
-                       printf("\n");
+                       printf("%s\n", _(" The passwd for has NOT been changed."));
                }
        }
        
@@ -1139,14 +1137,6 @@ static void passwd_page(void)
 {
        const char *new_name = cgi_user_name();
 
-       /* 
-        * After the first time through here be nice. If the user
-        * changed the User box text to another users name, remember it.
-        */
-       if (cgi_variable(SWAT_USER)) {
-               new_name = cgi_variable_nonull(SWAT_USER);
-       } 
-
        if (!new_name) new_name = "";
 
        printf("<H2>%s</H2>\n", _("Server Password Management"));