composer/iTop
6
0
Fork 0
mirror of https://github.com/Combodo/iTop.git synced 2026-05-22 00:32:16 +02:00
Code Issues Packages Projects Releases Wiki Activity

Fixed Trac#446: XSS vulnerabilities... to be tested !

Browse Source 
Also fixed the display/download links on documents that were both doing exactly the same thing !

SVN:trunk[1443]
This commit is contained in:
Denis Flaven
2011-08-11 10:17:03 +00:00
parent a129c9814f
commit 6859326646
24 changed files with 248 additions and 159 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
application/displayblock.class.inc.php
View File

@@ -232,8 +232,7 @@ class DisplayBlock
$sHtml .= "<div id=\"$sId\" class=\"display_block loading\">\n";
$sHtml .= $oPage->GetP("<img src=\"../images/indicator_arrows.gif\"> ".Dict::S('UI:Loading'));
$sHtml .= "</div>\n";
$sHtml .= '
<script language="javascript">
$oPage->add_script('
$.post("ajax.render.php?style='.$this->m_sStyle.'",
{ operation: "ajax", filter: "'.$sFilter.'", extra_params: "'.$sExtraParams.'" },
function(data){
@@ -242,14 +241,11 @@ class DisplayBlock
$("#'.$sId.'").removeClass("loading");
}
);
</script>';
');
}
if ($bAutoReload)
{
$sHtml .= '
<script language="javascript">
setInterval("ReloadBlock(\''.$sId.'\', \''.$this->m_sStyle.'\', \''.$sFilter.'\', \"'.$sExtraParams.'\")", '.$iReloadInterval.');
</script>';
$oPage->add_script('setInterval("ReloadBlock(\''.$sId.'\', \''.$this->m_sStyle.'\', \''.$sFilter.'\', \"'.$sExtraParams.'\")", '.$iReloadInterval.');');
}
return $sHtml;
}
@@ -299,7 +295,7 @@ class DisplayBlock
}
foreach($aFilterCodes as $sFilterCode)
{
$sExternalFilterValue = utils::ReadParam($sFilterCode, '');
$sExternalFilterValue = utils::ReadParam($sFilterCode, '', false, 'raw_data');
$condition = null;
if (isset($aExtraParams[$sFilterCode]))
{