composer/iTop
6
0
Fork 0
mirror of https://github.com/Combodo/iTop.git synced 2026-04-23 10:38:45 +02:00
Code Issues Packages Projects Releases Wiki Activity

Fixed Trac#446: XSS vulnerabilities... to be tested !

Browse Source 
Also fixed the display/download links on documents that were both doing exactly the same thing !

SVN:trunk[1443]
This commit is contained in:
Denis Flaven
2011-08-11 10:17:03 +00:00
parent a129c9814f
commit 6859326646
24 changed files with 248 additions and 159 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
application/ui.passwordwidget.class.inc.php
View File

@@ -52,8 +52,8 @@ class UIPasswordWidget
{
$sCode = $this->sAttCode.$this->sNameSuffix;
$iWidgetIndex = self::$iWidgetIndex;
$sPasswordValue = utils::ReadPostedParam("attr_{$sCode}[value]", '*****');
$sConfirmPasswordValue = utils::ReadPostedParam("attr_{$sCode}[confirm]", '*****');
$sPasswordValue = utils::ReadPostedParam("attr_{$sCode}[value]", '*****', 'raw_data');
$sConfirmPasswordValue = utils::ReadPostedParam("attr_{$sCode}[confirm]", '*****', 'raw_data');
$sChangedValue = (($sPasswordValue != '*****') || ($sConfirmPasswordValue != '*****')) ? 1 : 0;
$sHtmlValue = '';
$sHtmlValue = '<input type="password" maxlength="255" name="attr_'.$sCode.'[value]" id="'.$this->iId.'" value="'.htmlentities($sPasswordValue, ENT_QUOTES, 'UTF-8').'"/>&nbsp;<span class="form_validation" id="v_'.$this->iId.'"></span><br/>';