diff --git a/public/main/admin/export_certificates.php b/public/main/admin/export_certificates.php index 6d37fdb605..112bcc4349 100644 --- a/public/main/admin/export_certificates.php +++ b/public/main/admin/export_certificates.php @@ -3,6 +3,7 @@ $cidReset = true; require_once __DIR__.'/../inc/global.inc.php'; +api_protect_admin_script(true); Display::display_header(null); $form = new FormValidator('export_certificate'); diff --git a/public/main/inc/lib/api.lib.php b/public/main/inc/lib/api.lib.php index 5d31fdfcc8..696e8f9b64 100644 --- a/public/main/inc/lib/api.lib.php +++ b/public/main/inc/lib/api.lib.php @@ -7358,7 +7358,7 @@ function api_get_protocol() */ function api_get_origin() { - return isset($_REQUEST['origin']) ? Security::remove_XSS($_REQUEST['origin']) : ''; + return isset($_REQUEST['origin']) ? urlencode(Security::remove_XSS(urlencode($_REQUEST['origin']))) : ''; } /** diff --git a/public/main/inc/lib/nusoap/class.wsdl.php b/public/main/inc/lib/nusoap/class.wsdl.php index 1583f824dd..e740c8e556 100644 --- a/public/main/inc/lib/nusoap/class.wsdl.php +++ b/public/main/inc/lib/nusoap/class.wsdl.php @@ -762,6 +762,8 @@ class wsdl extends nusoap_base $this->setError("Neither _SERVER nor HTTP_SERVER_VARS is available"); } + $url = 'WSDL'; + $url = Security::remove_XSS($url); $b = '
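Review bot: The bare `true` passed to `api_protect_admin_script()` in export_certificates.php widens access beyond platform administrators, and nothing at the call site records that choice. As far as I recall, the first parameter of that helper is `$allow_sessions_admins`, so session administrators would still reach the certificate export. If that is intended, a comment above the call such as `// session admins may export certificates as well` would document the decision. If it is not, the call should be `api_protect_admin_script();`. The placement before `Display::display_header(null)` looks right, since a rejected request should stop before any output.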
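Review bot: In `api_get_origin()` the new inner `urlencode($_REQUEST['origin'])` assumes a string, but a request can supply `origin[]=x`, and on PHP 8 that raises an uncaught TypeError where the old `Security::remove_XSS()` call did not (I believe it tolerated arrays). A type guard before encoding would close that, for example `$origin = $_REQUEST['origin'] ?? '';` followed by `return is_string($origin) ? urlencode($origin) : '';`. The value is also encoded twice, so any `%` produced by the first pass becomes `%25`. Callers that compare the result or put it back into a query string get a different value than before for anything non-alphanumeric. The `remove_XSS()` call in the middle only ever sees already-encoded text, so it probably adds nothing. If the set of legitimate origins is small and known, an allowlist checked with `in_array($origin, $allowed, true)` would be a tighter control than encoding.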