composer/iTop
6
0
Fork 0
mirror of https://github.com/Combodo/iTop.git synced 2026-02-12 23:14:18 +01:00
Code Issues Packages Projects Releases Wiki Activity

#1041 Protect against some XSS injections

Browse Source 
SVN:trunk[3479]
This commit is contained in:
Denis Flaven
2014-12-18 08:50:04 +00:00
parent ece152173f
commit 143cefe4e3
4 changed files with 5 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
application/cmdbabstract.class.inc.php
View File

@@ -1522,7 +1522,7 @@ abstract class cmdbAbstractObject extends CMDBObject implements iDisplay
{
if (is_scalar($sValue))
{
$sHtml .= "<input type=\"hidden\" name=\"$sName\" value=\"$sValue\" />\n";
$sHtml .= "<input type=\"hidden\" name=\"$sName\" value=\"".htmlentities($sValue, ENT_QUOTES, 'UTF-8')."\" />\n";
}
}
$sHtml .= "<input type=\"hidden\" name=\"class\" value=\"$sClassName\" />\n";

2
application/portalwebpage.class.inc.php
View File

@@ -826,7 +826,7 @@ EOF
}
$sStepHistory = implode(',', $aPreviousSteps);
$this->add("<input type=\"hidden\" id=\"step_history\" name=\"step_history\" value=\"$sStepHistory\">");
$this->add("<input type=\"hidden\" id=\"step_history\" name=\"step_history\" value=\"".htmlentities($sStepHistory, ENT_QUOTES, 'UTF-8')."\">");
if (!is_null($sNextStep))
{

2
application/ui.extkeywidget.class.inc.php
View File

@@ -259,7 +259,7 @@ EOF
$sHTMLValue .= "<img id=\"mini_search_{$this->iId}\" style=\"border:0;vertical-align:middle;cursor:pointer;\" src=\"../images/mini_search.gif\" onClick=\"oACWidget_{$this->iId}.Search();\"/>&nbsp;";
// another hidden input to store & pass the object's Id
$sHTMLValue .= "<input type=\"hidden\" id=\"$this->iId\" name=\"{$sAttrFieldPrefix}{$sFieldName}\" value=\"$value\" />\n";
$sHTMLValue .= "<input type=\"hidden\" id=\"$this->iId\" name=\"{$sAttrFieldPrefix}{$sFieldName}\" value=\"".htmlentities($value, ENT_QUOTES, 'UTF-8')."\" />\n";
$JSSearchMode = $this->bSearchMode ? 'true' : 'false';
// Scripts to start the autocomplete and bind some events to it

3
readme.txt
View File

@@ -1,4 +1,4 @@
iTop - version 2.1.0 - 16-Dec-2014
iTop - version 2.1.0 - 18-Dec-2014
Readme file
1. ABOUT THIS RELEASE
@@ -284,6 +284,7 @@ Prevent the JS validation (on focus) to create multiple entries for the same fie
#1037 Refresh "priority" when either "impact" or "urgency" changes.
#1038 Duplicate column name (service name) when importing service subcategories
#1040 The graphical display of "impact/depends on" is not consistent with the "list" tab
#1041 Protect against XSS injections
Extending the data model