composer/iTop
6
0
Fork 0
mirror of https://github.com/Combodo/iTop.git synced 2026-05-19 07:12:26 +02:00
Code Issues Packages Projects Releases Wiki Activity

Protect Bulk Modify against XSS injection!

Browse Source 
SVN:trunk[3117]
This commit is contained in:
Denis Flaven
2014-04-01 10:12:11 +00:00
parent ce9806b01c
commit caef02720c
1 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
application/cmdbabstract.class.inc.php
View File

@@ -2709,7 +2709,7 @@ EOF
$aFinalValues[$sAttCode] = $aValues[$sAttCode]; $aFinalValues[$sAttCode] = $aValues[$sAttCode];
} }
$this->UpdateObjectFromArray($aFinalValues); $this->UpdateObjectFromArray($aFinalValues);
// Invoke extensions after the update of the object from the form // Invoke extensions after the update of the object from the form
foreach (MetaModel::EnumPlugins('iApplicationUIExtension') as $oExtensionInstance) foreach (MetaModel::EnumPlugins('iApplicationUIExtension') as $oExtensionInstance)
{ {
@@ -3284,12 +3284,12 @@ EOF
{ {
foreach($value as $vKey => $vValue) foreach($value as $vKey => $vValue)
{ {
$oP->add("<input type=\"hidden\" name=\"{$sKey}[$vKey]\" value=\"$vValue\">\n"); $oP->add("<input type=\"hidden\" name=\"{$sKey}[$vKey]\" value=\"".htmlentities($vValue, ENT_QUOTES, 'UTF-8')."\">\n");
} }
} }
else else
{ {
$oP->add("<input type=\"hidden\" name=\"$sKey\" value=\"$value\">\n"); $oP->add("<input type=\"hidden\" name=\"$sKey\" value=\"".htmlentities($value, ENT_QUOTES, 'UTF-8')."\">\n");
} }
} }
} }