composer/iTop
6
0
Fork 0
mirror of https://github.com/Combodo/iTop.git synced 2026-04-20 17:18:51 +02:00
Code Issues Packages Projects Releases Wiki Activity

#896 XSS injection on the portal (any search form)

Browse Source 
SVN:trunk[3093]
This commit is contained in:
Romain Quetiez
2014-03-03 14:46:48 +00:00
parent d6dbe0fce7
commit 404f6772fd
1 changed files with 2 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
application/portalwebpage.class.inc.php
View File

@@ -510,7 +510,8 @@ EOF
if (is_null($aAllowedValues))
{
// Any value is possible, display an input box
$this->add("<label>".MetaModel::GetFilterLabel($sClass, $sAttSpec).":</label>&nbsp;<input class=\"textSearch\" name=\"$sPrefix$sFieldName\" value=\"$sFilterValue\"/>\n");
$sSanitizedValue = htmlentities($sFilterValue, ENT_QUOTES, 'UTF-8');
$this->add("<label>".MetaModel::GetFilterLabel($sClass, $sAttSpec).":</label>&nbsp;<input class=\"textSearch\" name=\"$sPrefix$sFieldName\" value=\"$sSanitizedValue\"/>\n");
}
else
{