#565 Fixed security issues (XSS)

SVN:trunk[2282]
Romain Quetiez
2012-10-17 15:38:09 +00:00
parent 0f9280399b
commit ce77c65e6e
3 changed files with 5 additions and 3 deletions


@@ -1371,7 +1371,7 @@ abstract class cmdbAbstractObject extends CMDBObject implements iDisplay
if (is_null($aAllowedValues))
{
// Any value is possible, display an input box
$sHtml .= "<label>".MetaModel::GetFilterLabel($sClassName, $sFilterCode).":</label>&nbsp;<input class=\"textSearch\" name=\"$sFilterCode\" value=\"$sFilterValue\"/>\n";
$sHtml .= "<label>".MetaModel::GetFilterLabel($sClassName, $sFilterCode).":</label>&nbsp;<input class=\"textSearch\" name=\"$sFilterCode\" value=\"".htmlentities($sFilterValue, ENT_QUOTES, 'utf-8')."\"/>\n";
}
else
{
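Review bot: On the rewritten `<input>` line only `$sFilterValue` is encoded; `$sFilterCode` in the `name` attribute and the result of `MetaModel::GetFilterLabel(...)` inside `<label>` are still concatenated raw. Whether either can carry request-derived or user-editable text is not visible from this hunk, but if so the same attribute or markup breakout remains on this line. Encoding them the same way, e.g. `name=\"".htmlentities($sFilterCode, ENT_QUOTES, 'utf-8')."\"`, would make the line safe regardless of where those values come from. The enclosing method starts and ends outside the hunk.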


@@ -102,7 +102,8 @@ try
}
catch (Exception $e)
{
echo $e->GetMessage();
// note: transform to cope with XSS attacks
echo htmlentities($e->GetMessage(), ENT_QUOTES, 'utf-8');
IssueLog::Error($e->getMessage());
}
?>
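Review bot: `htmlentities($e->GetMessage(), ENT_QUOTES, 'utf-8')` returns an empty string when the message contains bytes that are not valid UTF-8, so in that case the page shows nothing and only the `IssueLog::Error` entry remains. The identical call in the third file and the one on `$sFilterValue` in the first file behave the same way. Where the supported PHP version allows it (5.4 or later), `htmlentities($e->GetMessage(), ENT_QUOTES | ENT_SUBSTITUTE, 'utf-8')` keeps the output readable. The added comment could also state why the text is untrusted, if that is the reason, e.g. `// HTML-encode: the exception text may echo request parameters`. The `try` block opens outside the hunk.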


@@ -875,7 +875,8 @@ try
}
catch (Exception $e)
{
echo $e->GetMessage();
// note: transform to cope with XSS attacks
echo htmlentities($e->GetMessage(), ENT_QUOTES, 'utf-8');
echo "<p>Debug trace: <pre>".print_r($e->getTrace(), true)."</pre></p>\n";
IssueLog::Error($e->getMessage());
}
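Review bot: The `Debug trace` line directly below the new `echo` still prints `print_r($e->getTrace(), true)` unencoded, and a trace normally includes the arguments of each call, which can hold the same request-derived strings as the message. That leaves the markup-injection path open on this page and also exposes file paths and call arguments to the client. Encoding it the same way, `echo "<p>Debug trace: <pre>".htmlentities(print_r($e->getTrace(), true), ENT_QUOTES, 'utf-8')."</pre></p>\n";`, or writing the trace only to `IssueLog`, would complete the fix. The `try` block opens outside the hunk.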