natalie
/
indefero
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Fix XSS problem in review and issue details (fixes issue 793)

develop
Thomas Keller 2012-04-15 22:59:23 +02:00
parent bb7544021f
commit f11a7f7618
2 changed files with 9 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/IDF/Views/Issue.php
View File

@ -601,7 +601,7 @@ class IDF_Views_Issue
$url = Pluf_HTTP_URL_urlForView('IDF_Views_Issue::view', $url = Pluf_HTTP_URL_urlForView('IDF_Views_Issue::view',
array($prj->shortname, $issue->id)); array($prj->shortname, $issue->id));
$title = Pluf_Template::markSafe(sprintf(__('Issue <a href="%1$s">%2$d</a>: %3$s'), $url, $issue->id, $issue->summary)); $title = Pluf_Template::markSafe(sprintf(__('Issue <a href="%1$s">%2$d</a>: %3$s'), $url, $issue->id, Pluf_esc($issue->summary)));
$form = false; // The form is available only if logged in. $form = false; // The form is available only if logged in.
$starred = false; $starred = false;
$closed = in_array($issue->status, $prj->getTagIdsByStatus('closed')); $closed = in_array($issue->status, $prj->getTagIdsByStatus('closed'));

2
src/IDF/Views/Review.php
View File

@ -137,7 +137,7 @@ class IDF_Views_Review
$prj->inOr404($review); $prj->inOr404($review);
$url = Pluf_HTTP_URL_urlForView('IDF_Views_Review::view', $url = Pluf_HTTP_URL_urlForView('IDF_Views_Review::view',
array($prj->shortname, $review->id)); array($prj->shortname, $review->id));
$title = Pluf_Template::markSafe(sprintf(__('Review <a href="%1$s">%2$d</a>: %3$s'), $url, $review->id, $review->summary)); $title = Pluf_Template::markSafe(sprintf(__('Review <a href="%1$s">%2$d</a>: %3$s'), $url, $review->id, Pluf_esc($review->summary)));
$patches = $review->get_patches_list(); $patches = $review->get_patches_list();
$patch = $patches[0]; $patch = $patches[0];