Fixed Trac#446: XSS vulnerabilities... to be tested !

Also fixed the display/download links on documents that were both doing exactly the same thing ! SVN:trunk[1443]
2026-04-23 02:28:44 +02:00 · 2011-08-11 10:17:03 +00:00
parent a129c9814f
commit 6859326646
24 changed files with 248 additions and 159 deletions
--- a/application/ui.extkeywidget.class.inc.php
+++ b/application/ui.extkeywidget.class.inc.php
@@ -327,7 +327,7 @@ EOF
 		$aValues = $oValuesSet->GetValues(array('this' => $oObj), $sContains);
 		foreach($aValues as $sKey => $sFriendlyName)
 		{
-			$oP->add(trim($sFriendlyName)."|".$sKey."\n");
+			$oP->add(trim(htmlentities($sFriendlyName, ENT_COMPAT, 'UTF-8'))."|".$sKey."\n");
 		}
 	}