Fix for Trac #670: XSS vulnerability issue.

SVN:2.0[2590]
This commit is contained in:
Denis Flaven
2013-01-22 17:43:41 +00:00
parent a0ff64a7ee
commit fcef3ef57e
2 changed files with 3 additions and 3 deletions


@@ -817,7 +817,7 @@ try
else
{
$oP->set_title(Dict::S('UI:SearchResultsPageTitle'));
$oP->p("<h1>".Dict::Format('UI:FullTextSearchTitle_Text', $sFullText)."</h1>");
$oP->p("<h1>".Dict::Format('UI:FullTextSearchTitle_Text', htmlentities($sFullText, ENT_QUOTES, 'UTF-8'))."</h1>");
$iCount = 0;
$iBlock = 0;
// Search in full text mode in all the classes
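Review bot: The escaping is written inline as `htmlentities($sFullText, ENT_QUOTES, 'UTF-8')` here and repeated with the same three arguments at the two changed sites in the second file, which is exactly how the original unescaped output was missed. A single project-level helper, e.g. `static function HtmlEntities($s) { return htmlentities($s, ENT_QUOTES, 'UTF-8'); }` (placeholder name), would keep the encoding and flag choice in one place for every output site. Note that without ENT_SUBSTITUTE (PHP 5.4+) `htmlentities` returns an empty string for input that is not valid UTF-8, so a malformed search term renders a blank heading; acceptable, but worth a comment such as `// invalid UTF-8 makes htmlentities() return '', leaving the heading empty`. The `else` branch and the `try` it sits in continue outside the hunk.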


@@ -161,7 +161,7 @@ try
$oP->add("<form method=\"get\">\n");
$oP->add(Dict::S('UI:RunQuery:ExpressionToEvaluate')."<br/>\n");
$oP->add("<textarea cols=\"120\" rows=\"8\" name=\"expression\">$sExpression</textarea>\n");
$oP->add("<textarea cols=\"120\" rows=\"8\" name=\"expression\">".htmlentities($sExpression, ENT_QUOTES, 'UTF-8')."</textarea>\n");
if (count($aArgs) > 0)
{
@@ -187,7 +187,7 @@ try
$oP->p('');
$oP->StartCollapsibleSection(Dict::S('UI:RunQuery:MoreInfo'), false);
$oP->p(Dict::S('UI:RunQuery:DevelopedQuery').$oFilter->ToOQL());
$oP->p(Dict::S('UI:RunQuery:DevelopedQuery').htmlentities($oFilter->ToOQL(), ENT_QUOTES, 'UTF-8'));
$oP->p(Dict::S('UI:RunQuery:SerializedFilter').$oFilter->serialize());
$oP->EndCollapsibleSection();
}
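Review bot: The line right after the new one, `$oP->p(Dict::S('UI:RunQuery:SerializedFilter').$oFilter->serialize());`, still concatenates `$oFilter->serialize()` into the page unescaped while the sibling `ToOQL()` output one line up is now escaped; if the serialized form can carry any byte of the user-supplied expression it is the same injection point and should read `$oP->p(Dict::S('UI:RunQuery:SerializedFilter').htmlentities($oFilter->serialize(), ENT_QUOTES, 'UTF-8'));`. What serialize() emits is not visible from this hunk, so this is a point to confirm rather than a certain defect. The textarea fix in the earlier hunk of this file is correct as written, since a `</textarea>` sequence in the raw expression would otherwise close the element. The `try` block enclosing both hunks starts and ends outside the section.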