Fixed Trac#446: XSS vulnerabilities... to be tested !

Also fixed the display/download links on documents that were both doing exactly the same thing ! SVN:trunk[1443]
2026-04-24 02:58:43 +02:00 · 2011-08-11 10:17:03 +00:00
parent a129c9814f
commit 6859326646
24 changed files with 248 additions and 159 deletions
--- a/pages/run_query.php
+++ b/pages/run_query.php
@@ -100,7 +100,7 @@ $oAppContext = new ApplicationContext();
 $oP = new iTopWebPage(Dict::S('UI:RunQuery:Title'));

 // Main program
-$sExpression = utils::ReadParam('expression', '');
+$sExpression = utils::ReadParam('expression', '', false, 'raw_data');
 $sEncoding = utils::ReadParam('encoding', 'oql');

 ShowExamples($oP, $sExpression);