Congegni/sintonia
7
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

CC-4897: XSS exploit on library page

Browse source 
-fixed where this was happening on Calendar - show content
This commit is contained in:
denise 2013-02-04 12:12:57 -05:00
parent d63865625d
commit 20a3f674b4
2 changed files with 2 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

2
airtime_mvc/application/controllers/ScheduleController.php
View file

@ -479,7 +479,7 @@ class ScheduleController extends Zend_Controller_Action
$this->view->percentFilled = $show->getPercentScheduled(); $this->view->percentFilled = $show->getPercentScheduled();
$this->view->showContent = $show->getShowListContent(); $this->view->showContent = $show->getShowListContent();
$this->view->dialog = $this->view->render('schedule/show-content-dialog.phtml'); $this->view->dialog = $this->view->render('schedule/show-content-dialog.phtml');
$this->view->showTitle = $show->getName(); $this->view->showTitle = htmlspecialchars($show->getName());
unset($this->view->showContent); unset($this->view->showContent);
} }

2
airtime_mvc/application/models/StoredFile.php
View file

@ -300,7 +300,7 @@ class Application_Model_StoredFile
if (isset($dbmd_copy[$value])) { if (isset($dbmd_copy[$value])) {
$propelColumn = $dbmd_copy[$value]; $propelColumn = $dbmd_copy[$value];
$method = "get$propelColumn"; $method = "get$propelColumn";
$md[$constant] = htmlspecialchars($this->_file->$method()); $md[$constant] = $this->_file->$method();
} }
} }
} }