composer/iTop
6
0
Fork 0
mirror of https://github.com/Combodo/iTop.git synced 2026-04-20 17:18:51 +02:00
Code Issues Packages Projects Releases Wiki Activity

Fixed a side effect of Trac#446 (XSS)

Browse Source 
SVN:trunk[1505]
This commit is contained in:
Denis Flaven
2011-08-24 15:56:48 +00:00
parent 16b7714139
commit 180311fd0a
1 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
pages/UI.php
View File

@@ -1415,7 +1415,7 @@ EOF
///////////////////////////////////////////////////////////////////////////////////////////
case 'wizard_apply_new': // no more used ???
$sJson = utils::ReadPostedParam('json_obj', '');
$sJson = utils::ReadPostedParam('json_obj', '', 'raw_data');
$oWizardHelper = WizardHelper::FromJSON($sJson);
$sTransactionId = utils::ReadPostedParam('transaction_id', '');
if (!utils::IsTransactionValid($sTransactionId))
@@ -1716,7 +1716,7 @@ EOF
$iFlags = $oObj->GetAttributeFlags($sAttCode);
if (($iExpectCode & (OPT_ATT_MUSTCHANGE|OPT_ATT_MUSTPROMPT)) || ($oObj->Get($sAttCode) == '') )
{
$paramValue = utils::ReadPostedParam("attr_$sAttCode", '');
$paramValue = utils::ReadPostedParam("attr_$sAttCode", '', 'raw_data');
if ( ($iFlags & OPT_ATT_SLAVE) && ($paramValue != $oObj->Get($sAttCode)) )
{
$oAttDef = MetaModel::GetAttributeDef($sClass, $sAttCode);
@@ -1959,7 +1959,7 @@ EOF
$iFlags = $oObj->GetAttributeFlags($sAttCode);
if (($iExpectCode & (OPT_ATT_MUSTCHANGE|OPT_ATT_MUSTPROMPT)) || ($oObj->Get($sAttCode) == '') )
{
$paramValue = utils::ReadPostedParam("attr_$sAttCode", '');
$paramValue = utils::ReadPostedParam("attr_$sAttCode", '', 'raw_data');
if ( ($iFlags & OPT_ATT_SLAVE) && ($paramValue != $oObj->Get($sAttCode)))
{
$oAttDef = MetaModel::GetAttributeDef($sClass, $sAttCode);