composer/iTop
6
0
Fork 0
mirror of https://github.com/Combodo/iTop.git synced 2026-02-13 07:24:13 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fix for Trac #670: XSS vulnerability issue.

Browse Source 
SVN:1.2.1[2587]
This commit is contained in:
Denis Flaven
2013-01-22 17:34:36 +00:00
parent d72503b411
commit 2bc01db8d9
2 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
pages/UI.php
View File

@@ -674,7 +674,7 @@ try
else
{
$oP->set_title(Dict::S('UI:SearchResultsPageTitle'));
$oP->p("<h1>".Dict::Format('UI:FullTextSearchTitle_Text', $sFullText)."</h1>");
$oP->p("<h1>".Dict::Format('UI:FullTextSearchTitle_Text', htmlentities($sFullText, ENT_QUOTES, 'UTF-8'))."</h1>");
$iCount = 0;
$iBlock = 0;
// Search in full text mode in all the classes

4
pages/run_query.php
View File

@@ -160,7 +160,7 @@ try
$oP->add("<form method=\"get\">\n");
$oP->add(Dict::S('UI:RunQuery:ExpressionToEvaluate')."<br/>\n");
$oP->add("<textarea cols=\"120\" rows=\"8\" name=\"expression\">$sExpression</textarea>\n");
$oP->add("<textarea cols=\"120\" rows=\"8\" name=\"expression\">".htmlentities($sExpression, ENT_QUOTES, 'UTF-8')."</textarea>\n");
if (count($aArgs) > 0)
{
@@ -186,7 +186,7 @@ try
$oP->p('');
$oP->StartCollapsibleSection(Dict::S('UI:RunQuery:MoreInfo'), false);
$oP->p(Dict::S('UI:RunQuery:DevelopedQuery').$oFilter->ToOQL());
$oP->p(Dict::S('UI:RunQuery:DevelopedQuery').htmlentities($oFilter->ToOQL(), ENT_QUOTES, 'UTF-8'));
$oP->p(Dict::S('UI:RunQuery:SerializedFilter').$oFilter->serialize());
$oP->EndCollapsibleSection();
}