From 20a3f674b4e1642f62a55c00b87a7239f7c31912 Mon Sep 17 00:00:00 2001
From: denise <denise@denise-DX4860sourcefabric.org>
Date: Mon, 4 Feb 2013 12:12:57 -0500
Subject: [PATCH] CC-4897: XSS exploit on library page

-fixed where this was happening on Calendar - show content
---
 airtime_mvc/application/controllers/ScheduleController.php | 2 +-
 airtime_mvc/application/models/StoredFile.php              | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/airtime_mvc/application/controllers/ScheduleController.php b/airtime_mvc/application/controllers/ScheduleController.php
index 0b384911e..1f3216eed 100644
--- a/airtime_mvc/application/controllers/ScheduleController.php
+++ b/airtime_mvc/application/controllers/ScheduleController.php
@@ -479,7 +479,7 @@ class ScheduleController extends Zend_Controller_Action
         $this->view->percentFilled = $show->getPercentScheduled();
         $this->view->showContent = $show->getShowListContent();
         $this->view->dialog = $this->view->render('schedule/show-content-dialog.phtml');
-        $this->view->showTitle = $show->getName();
+        $this->view->showTitle = htmlspecialchars($show->getName());
         unset($this->view->showContent);
     }
 
diff --git a/airtime_mvc/application/models/StoredFile.php b/airtime_mvc/application/models/StoredFile.php
index cc0d64489..9e69f0d28 100644
--- a/airtime_mvc/application/models/StoredFile.php
+++ b/airtime_mvc/application/models/StoredFile.php
@@ -300,7 +300,7 @@ class Application_Model_StoredFile
                 if (isset($dbmd_copy[$value])) {
                     $propelColumn  = $dbmd_copy[$value];
                     $method        = "get$propelColumn";
-                    $md[$constant] = htmlspecialchars($this->_file->$method());
+                    $md[$constant] = $this->_file->$method();
                 }
             }
         }