CC-4897: XSS exploit on library page

2013-02-04 11:06:46 -05:00 · 2013-02-04 11:06:46 -05:00 · 1f0b9fa5dc
parent 7238790c41
commit 1f0b9fa5dc
2 changed files with 3 additions and 3 deletions
--- a/airtime_mvc/application/controllers/LibraryController.php
+++ b/airtime_mvc/application/controllers/LibraryController.php
@ -438,7 +438,7 @@ class LibraryController extends Zend_Controller_Action
                $formValues = $this->_getParam('data', null);
                $formdata = array();
                foreach ($formValues as $val) {
-                    $formdata[$val["name"]] = htmlspecialchars($val["value"]);
+                    $formdata[$val["name"]] = $val["value"];
                }
                $file->setDbColMetadata($formdata);

--- a/airtime_mvc/application/models/StoredFile.php
+++ b/airtime_mvc/application/models/StoredFile.php
@ -269,7 +269,7 @@ class Application_Model_StoredFile
        $md = array();
        foreach ($this->_dbMD as $dbColumn => $propelColumn) {
            $method = "get$propelColumn";
-            $md[$dbColumn] = $this->_file->$method();
+            $md[$dbColumn] = htmlspecialchars($this->_file->$method());
        }

        return $md;
@ -300,7 +300,7 @@ class Application_Model_StoredFile
                if (isset($dbmd_copy[$value])) {
                    $propelColumn  = $dbmd_copy[$value];
                    $method        = "get$propelColumn";
-                    $md[$constant] = $this->_file->$method();
+                    $md[$constant] = htmlspecialchars($this->_file->$method());
                }
            }
        }