CC-4897: XSS exploit on library page

denise 2013-02-04 11:06:46 -05:00
parent 7238790c41
commit 1f0b9fa5dc
2 changed files with 3 additions and 3 deletions


@ -438,7 +438,7 @@ class LibraryController extends Zend_Controller_Action
$formValues = $this->_getParam('data', null); $formValues = $this->_getParam('data', null);
$formdata = array(); $formdata = array();
foreach ($formValues as $val) { foreach ($formValues as $val) {
$formdata[$val["name"]] = htmlspecialchars($val["value"]); $formdata[$val["name"]] = $val["value"];
} }
$file->setDbColMetadata($formdata); $file->setDbColMetadata($formdata);
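Review bot: Records saved before this change hold entity-encoded text, because the old line called `htmlspecialchars` on write, and the StoredFile getters now encode on read, so those rows would be encoded twice and display as literal `&amp;`-style sequences (this reads the right-hand column as the new side). A one-time migration that decodes the stored metadata columns is missing, or the commit should state that no such data exists. In the same loop, `$formValues` defaults to `null` and `$val["name"]` from the request becomes an array key unchecked. A guard such as `if (!is_array($formValues)) { $formValues = array(); }` before the `foreach`, plus an allow-list check on the name, would reject malformed posts. The action starts and ends outside the hunk, so `setDbColMetadata` may already filter keys.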


@ -269,7 +269,7 @@ class Application_Model_StoredFile
$md = array(); $md = array();
foreach ($this->_dbMD as $dbColumn => $propelColumn) { foreach ($this->_dbMD as $dbColumn => $propelColumn) {
$method = "get$propelColumn"; $method = "get$propelColumn";
$md[$dbColumn] = $this->_file->$method(); $md[$dbColumn] = htmlspecialchars($this->_file->$method());
} }
return $md; return $md;
@ -300,7 +300,7 @@ class Application_Model_StoredFile
if (isset($dbmd_copy[$value])) { if (isset($dbmd_copy[$value])) {
$propelColumn = $dbmd_copy[$value]; $propelColumn = $dbmd_copy[$value];
$method = "get$propelColumn"; $method = "get$propelColumn";
$md[$constant] = $this->_file->$method(); $md[$constant] = htmlspecialchars($this->_file->$method());
} }
} }
} }
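Review bot: Both getters call `htmlspecialchars()` with default flags (`$md[$dbColumn] = ...` and `$md[$constant] = ...`), and on PHP versions before 8.1 the default does not encode single quotes, so a value placed in a single-quoted attribute is not neutralised. Pass the flags and charset explicitly: `htmlspecialchars($this->_file->$method(), ENT_QUOTES, 'UTF-8')`. Encoding inside the model also hands HTML-encoded strings to every caller, possibly including ones that emit JSON, write file tags, or refill the edit form, whose values would then be saved back encoded now that the controller no longer encodes on write. The callers are not visible here, so that needs checking; escaping at the template or output boundary would avoid it. Both functions start and end outside the hunks.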