More fixes for Trac#446: XSS vulnerabilities with vectors containing double quotes

SVN:trunk[1563]
2026-02-13 07:24:13 +01:00 · 2011-09-08 13:21:32 +00:00
parent 205e80f8a5
commit c4db9cd84e
17 changed files with 54 additions and 37 deletions
--- a/application/applicationcontext.class.inc.php
+++ b/application/applicationcontext.class.inc.php
@@ -163,7 +163,7 @@ class ApplicationContext
 		$sContext = "";
 		foreach($this->aValues as $sName => $sValue)
 		{
-			$sContext .= "<input type=\"hidden\" name=\"c[$sName]\" value=\"$sValue\" />\n";
+			$sContext .= "<input type=\"hidden\" name=\"c[$sName]\" value=\"".htmlentities($sValue)."\" />\n";
 		}
 		return $sContext;
 	}