Congegni/sintonia
7
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

CC-4897: XSS exploit on library page

Browse source 
-fixed where this was happening on Calendar - show content
This commit is contained in:
denise 2013-02-04 12:12:57 -05:00
parent d63865625d
commit 20a3f674b4
2 changed files with 2 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

2
airtime_mvc/application/models/StoredFile.php
View file

@ -300,7 +300,7 @@ class Application_Model_StoredFile
if (isset($dbmd_copy[$value])) {
$propelColumn = $dbmd_copy[$value];
$method = "get$propelColumn";
$md[$constant] = htmlspecialchars($this->_file->$method());
$md[$constant] = $this->_file->$method();
}
}
}