composer/iTop
6
0
Fork 0
mirror of https://github.com/Combodo/iTop.git synced 2026-03-01 23:24:12 +01:00
Code Issues Packages Projects Releases Wiki Activity

Protect Bulk Modify against XSS injection!

Browse Source 
SVN:2.0.2[3118]
This commit is contained in:
Denis Flaven
2014-04-01 10:13:58 +00:00
parent 3f4db67b40
commit b2d6df98ed
1 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
application/cmdbabstract.class.inc.php
View File

@@ -2709,7 +2709,7 @@ EOF
$aFinalValues[$sAttCode] = $aValues[$sAttCode];
}
$this->UpdateObjectFromArray($aFinalValues);
// Invoke extensions after the update of the object from the form
foreach (MetaModel::EnumPlugins('iApplicationUIExtension') as $oExtensionInstance)
{
@@ -3284,12 +3284,12 @@ EOF
{
foreach($value as $vKey => $vValue)
{
$oP->add("<input type=\"hidden\" name=\"{$sKey}[$vKey]\" value=\"$vValue\">\n");
$oP->add("<input type=\"hidden\" name=\"{$sKey}[$vKey]\" value=\"".htmlentities($vValue, ENT_QUOTES, 'UTF-8')."\">\n");
}
}
else
{
$oP->add("<input type=\"hidden\" name=\"$sKey\" value=\"$value\">\n");
$oP->add("<input type=\"hidden\" name=\"$sKey\" value=\"".htmlentities($value, ENT_QUOTES, 'UTF-8')."\">\n");
}
}
}