Title field XSS vulnerability solution.

Kamil Konečný
2018-11-13 15:58:15 +01:00
committed by Stephen Abello
parent b9e0747825
commit 67f5f09530


@@ -2190,7 +2190,8 @@ EOF
{
$oPage->add_ready_script(
<<<EOF
$('#{$iId}').qtip( { content: $('#{$iId}').val(), show: 'mouseover', hide: 'mouseout', style: { name: 'dark', tip: 'bottomLeft' }, position: { corner: { target: 'topLeft', tooltip: 'bottomLeft' }, adjust: { y: -15}} } );
var sEscapedVal = $('<div/>').text($('#{$iId}').val()).html();
$('#{$iId}').qtip( { content: sEscapedVal, show: 'mouseover', hide: 'mouseout', style: { name: 'dark', tip: 'bottomLeft' }, position: { corner: { target: 'topLeft', tooltip: 'bottomLeft' }, adjust: { y: -15}} } );
$('#{$iId}').bind('keyup', function(evt, sFormId){
var oQTipAPI = $(this).qtip('api');
@@ -2204,7 +2205,8 @@ EOF
{
oQTipAPI.disable(false);
}
oQTipAPI.updateContent($(this).val());
var sEscapedVal = $('<div/>').text($(this).val()).html();
oQTipAPI.updateContent(sEscapedVal);
});
EOF
);
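Review bot: The escaping idiom `$('<div/>').text(...).html()` is now written out twice, once for the initial `qtip({ content: ... })` call and once before `updateContent` in the keyup handler, and neither site says why it is there, so a later cleanup could go back to passing `.val()` directly. I would add a comment at both, for example `// qtip inserts content as markup: HTML-escape the typed value first`, or move the idiom into one small shared JS helper so the two sites cannot drift apart. The comment should also say that this idiom encodes `<`, `>` and `&` but leaves quotes alone, so it is suitable for tooltip body content and not for attribute values. The first `var sEscapedVal` sits at the top level of the ready script and, if this block is emitted once per field, every field shares that name; this is harmless with `var`, but passing the expression inline would avoid it. The enclosing PHP method starts outside the visible hunks, so how `$iId` is produced cannot be checked from here.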