From 1f0b9fa5dc6b68451284a292250547f49d6bb897 Mon Sep 17 00:00:00 2001
From: denise
Date: Mon, 4 Feb 2013 11:06:46 -0500
Subject: [PATCH] CC-4897: XSS exploit on library page

---
 airtime_mvc/application/controllers/LibraryController.php | 2 +-
 airtime_mvc/application/models/StoredFile.php | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/airtime_mvc/application/controllers/LibraryController.php b/airtime_mvc/application/controllers/LibraryController.php
index 15ae12944..1e3ac996a 100644
--- a/airtime_mvc/application/controllers/LibraryController.php
+++ b/airtime_mvc/application/controllers/LibraryController.php
@@ -438,7 +438,7 @@ class LibraryController extends Zend_Controller_Action
 $formValues = $this->_getParam('data', null);
 $formdata = array();
 foreach ($formValues as $val) {
- $formdata[$val["name"]] = htmlspecialchars($val["value"]);
+ $formdata[$val["name"]] = $val["value"];
 }
 
 $file->setDbColMetadata($formdata);
diff --git a/airtime_mvc/application/models/StoredFile.php b/airtime_mvc/application/models/StoredFile.php
index 9ca6ff32c..cc0d64489 100644
--- a/airtime_mvc/application/models/StoredFile.php
+++ b/airtime_mvc/application/models/StoredFile.php
@@ -269,7 +269,7 @@ class Application_Model_StoredFile
 $md = array();
 foreach ($this->_dbMD as $dbColumn => $propelColumn) {
 $method = "get$propelColumn";
- $md[$dbColumn] = $this->_file->$method();
+ $md[$dbColumn] = htmlspecialchars($this->_file->$method());
 }
 
 return $md;
@@ -300,7 +300,7 @@ class Application_Model_StoredFile
 if (isset($dbmd_copy[$value])) {
 $propelColumn = $dbmd_copy[$value];
 $method = "get$propelColumn";
- $md[$constant] = $this->_file->$method();
+ $md[$constant] = htmlspecialchars($this->_file->$method());
 }
 }
 }
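Review bot: Dropping `htmlspecialchars` from the `$formdata[$val["name"]] = $val["value"];` line is the right direction (escape at the output, not at the input), but metadata rows saved under the previous code already hold entity-encoded values, and the new output-side encoding in StoredFile.php will encode them a second time (`&amp;` becomes `&amp;amp;`) unless those rows are migrated or the getters pass `double_encode: false`. The hunk also leaves `$val["name"]` unchecked as the column key handed to `setDbColMetadata`; that is pre-existing, but since the value side is now stored raw it is worth confirming that `setDbColMetadata` restricts keys to the known `_dbMD` columns. The enclosing controller action starts and ends outside this hunk, so whether `$formValues` can be null (from `_getParam('data', null)`) cannot be verified here.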
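Review bot: The new `htmlspecialchars($this->_file->$method())` call relies on the function's defaults, which on the PHP 5.x versions current for this commit leave single quotes unescaped (ENT_COMPAT) and, before 5.4, assume ISO-8859-1; a value placed inside a single-quoted attribute is therefore still not neutralised. Pass the flags explicitly, e.g. `$md[$dbColumn] = htmlspecialchars($this->_file->$method(), ENT_QUOTES, 'UTF-8');`, and apply the same to the hunk at line 300. Note also that this encodes at the model getter rather than at the HTML sink, so any consumer of these metadata arrays that emits JSON or non-HTML output will now receive entity-encoded text, and a null column value becomes `''` after encoding; both are worth confirming against the callers, which lie outside this hunk.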