CC-4897: XSS exploit on library page

-fixed
2013-01-30 11:51:27 -05:00 · 2013-01-30 11:51:27 -05:00 · 595429e6e5
parent d4742577c9
commit 595429e6e5
1 changed files with 1 additions and 1 deletions
--- a/airtime_mvc/application/controllers/LibraryController.php
+++ b/airtime_mvc/application/controllers/LibraryController.php
@ -438,7 +438,7 @@ class LibraryController extends Zend_Controller_Action
                $formValues = $this->_getParam('data', null);
                $formdata = array();
                foreach ($formValues as $val) {
-                    $formdata[$val["name"]] = $val["value"];
+                    $formdata[$val["name"]] = htmlspecialchars($val["value"]);
                }
                $file->setDbColMetadata($formdata);