Fixed Trac#446: XSS vulnerabilities... to be tested !

Also fixed the display/download links on documents, which were both doing exactly the same thing (the download link now uses GetDownloadLink instead of GetDisplayLink).

SVN:trunk[1443]
Denis Flaven
2011-08-11 10:17:03 +00:00
parent a129c9814f
commit 6859326646
24 changed files with 248 additions and 159 deletions


@@ -1287,7 +1287,7 @@ EOF
//$oAppContext->Reset($sFilterCode); // Make sure the same parameter will not be passed twice
$sHtml .= '<span style="white-space: nowrap;padding:5px;display:inline-block;">';
$sFilterValue = '';
$sFilterValue = utils::ReadParam($sFilterCode, '');
$sFilterValue = utils::ReadParam($sFilterCode, '', false, 'raw_data');
$sFilterOpCode = null; // Use the default 'loose' OpCode
if (empty($sFilterValue))
{
@@ -1970,7 +1970,7 @@ EOF
$oDocument = $this->Get($sAttCode);
$sDisplayValue = $this->GetAsHTML($sAttCode);
$sDisplayValue .= "<br/>".Dict::Format('UI:OpenDocumentInNewWindow_', $oDocument->GetDisplayLink(get_class($this), $this->GetKey(), $sAttCode)).", \n";
$sDisplayValue .= "<br/>".Dict::Format('UI:DownloadDocument_', $oDocument->GetDisplayLink(get_class($this), $this->GetKey(), $sAttCode)).", \n";
$sDisplayValue .= "<br/>".Dict::Format('UI:DownloadDocument_', $oDocument->GetDownloadLink(get_class($this), $this->GetKey(), $sAttCode)).", \n";
}
else
{
@@ -2314,7 +2314,7 @@ EOF
}
else
{
$value = utils::ReadPostedParam("attr_{$sFormPrefix}{$sAttCode}", null);
$value = utils::ReadPostedParam("attr_{$sFormPrefix}{$sAttCode}", null, 'raw_data');
}
if (!is_null($value))
{
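Review bot: The `'raw_data'` filter on `utils::ReadParam($sFilterCode, '', false, 'raw_data')` in the first hunk opts that value out of whatever default sanitisation this commit introduces, so `$sFilterValue` is attacker-controlled request text flowing into a routine that is concatenating `$sHtml`, and nothing in the visible lines escapes it. Every point where the value is written into the markup, an attribute or a URL must go through `htmlentities($sFilterValue, ENT_QUOTES, 'UTF-8')` (or the matching context-specific escape), otherwise this hunk reintroduces the class of bug the commit is titled as fixing. A comment at the call site would keep the next maintainer from widening the raw path: `// 'raw_data': no sanitisation here -- the value MUST be HTML-escaped at every output point below`. The same opt-out appears on the posted attribute value in the third hunk (`ReadPostedParam(..., null, 'raw_data')`); it is presumably handed to the object's setter/validation rather than emitted directly, but it deserves a matching note. The enclosing functions of all three hunks start before and continue after what is shown.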