Fix XSS problem in review and issue details (fixes issue 793)

This commit is contained in:
Thomas Keller 2012-04-15 22:59:23 +02:00
parent bb7544021f
commit f11a7f7618
2 changed files with 9 additions and 9 deletions

View File

@ -130,7 +130,7 @@ class IDF_Views_Issue
uasort($tagStatistics[$class], function ($a, $b) { uasort($tagStatistics[$class], function ($a, $b) {
if ($a[0] === $b[0]) if ($a[0] === $b[0])
return 0; return 0;
return ($a[0] > $b[0]) ? -1 : 1; return ($a[0] > $b[0]) ? -1 : 1;
}); });
} }
@ -326,7 +326,7 @@ class IDF_Views_Issue
public function userIssues($request, $match) public function userIssues($request, $match)
{ {
$prj = $request->project; $prj = $request->project;
$sql = new Pluf_SQL('login=%s', array($match[2])); $sql = new Pluf_SQL('login=%s', array($match[2]));
$user = Pluf::factory('Pluf_User')->getOne(array('filter' => $sql->gen())); $user = Pluf::factory('Pluf_User')->getOne(array('filter' => $sql->gen()));
if ($user === null) { if ($user === null) {
@ -334,7 +334,7 @@ class IDF_Views_Issue
array($prj->shortname)); array($prj->shortname));
return new Pluf_HTTP_Response_Redirect($url); return new Pluf_HTTP_Response_Redirect($url);
} }
$otags = $prj->getTagIdsByStatus('open'); $otags = $prj->getTagIdsByStatus('open');
$ctags = $prj->getTagIdsByStatus('closed'); $ctags = $prj->getTagIdsByStatus('closed');
if (count($otags) == 0) $otags[] = 0; if (count($otags) == 0) $otags[] = 0;
@ -361,7 +361,7 @@ class IDF_Views_Issue
$user->first_name, $user->first_name,
$user->last_name, $user->last_name,
(string) $prj); (string) $prj);
// Get stats about the issues // Get stats about the issues
$sql = new Pluf_SQL('project=%s AND submitter=%s AND status IN ('.implode(', ', $otags).')', array($prj->id, $user->id)); $sql = new Pluf_SQL('project=%s AND submitter=%s AND status IN ('.implode(', ', $otags).')', array($prj->id, $user->id));
$nb_submit = Pluf::factory('IDF_Issue')->getCount(array('filter'=>$sql->gen())); $nb_submit = Pluf::factory('IDF_Issue')->getCount(array('filter'=>$sql->gen()));
@ -601,7 +601,7 @@ class IDF_Views_Issue
$url = Pluf_HTTP_URL_urlForView('IDF_Views_Issue::view', $url = Pluf_HTTP_URL_urlForView('IDF_Views_Issue::view',
array($prj->shortname, $issue->id)); array($prj->shortname, $issue->id));
$title = Pluf_Template::markSafe(sprintf(__('Issue <a href="%1$s">%2$d</a>: %3$s'), $url, $issue->id, $issue->summary)); $title = Pluf_Template::markSafe(sprintf(__('Issue <a href="%1$s">%2$d</a>: %3$s'), $url, $issue->id, Pluf_esc($issue->summary)));
$form = false; // The form is available only if logged in. $form = false; // The form is available only if logged in.
$starred = false; $starred = false;
$closed = in_array($issue->status, $prj->getTagIdsByStatus('closed')); $closed = in_array($issue->status, $prj->getTagIdsByStatus('closed'));
@ -735,13 +735,13 @@ class IDF_Views_Issue
{ {
$prj = $request->project; $prj = $request->project;
$status = $match[2]; $status = $match[2];
if (mb_strtolower($status) == 'open') { if (mb_strtolower($status) == 'open') {
$url = Pluf_HTTP_URL_urlForView('IDF_Views_Issue::index', $url = Pluf_HTTP_URL_urlForView('IDF_Views_Issue::index',
array($prj->shortname)); array($prj->shortname));
return new Pluf_HTTP_Response_Redirect($url); return new Pluf_HTTP_Response_Redirect($url);
} }
$title = sprintf(__('%s Closed Issues'), (string) $prj); $title = sprintf(__('%s Closed Issues'), (string) $prj);
// Get stats about the issues // Get stats about the issues
$open = $prj->getIssueCountByStatus('open'); $open = $prj->getIssueCountByStatus('open');

View File

@ -137,7 +137,7 @@ class IDF_Views_Review
$prj->inOr404($review); $prj->inOr404($review);
$url = Pluf_HTTP_URL_urlForView('IDF_Views_Review::view', $url = Pluf_HTTP_URL_urlForView('IDF_Views_Review::view',
array($prj->shortname, $review->id)); array($prj->shortname, $review->id));
$title = Pluf_Template::markSafe(sprintf(__('Review <a href="%1$s">%2$d</a>: %3$s'), $url, $review->id, $review->summary)); $title = Pluf_Template::markSafe(sprintf(__('Review <a href="%1$s">%2$d</a>: %3$s'), $url, $review->id, Pluf_esc($review->summary)));
$patches = $review->get_patches_list(); $patches = $review->get_patches_list();
$patch = $patches[0]; $patch = $patches[0];