CC-4897: XSS exploit on library page

-fixed where this was happening on Calendar - show content
2013-02-04 12:12:57 -05:00 · 2013-02-04 12:12:57 -05:00 · 20a3f674b4
commit 20a3f674b4
parent d63865625d
2 changed files with 2 additions and 2 deletions
--- a/airtime_mvc/application/controllers/ScheduleController.php
+++ b/airtime_mvc/application/controllers/ScheduleController.php
@ -479,7 +479,7 @@ class ScheduleController extends Zend_Controller_Action
        $this->view->percentFilled = $show->getPercentScheduled();
        $this->view->showContent = $show->getShowListContent();
        $this->view->dialog = $this->view->render('schedule/show-content-dialog.phtml');
-        $this->view->showTitle = $show->getName();
+        $this->view->showTitle = htmlspecialchars($show->getName());
        unset($this->view->showContent);
    }

--- a/airtime_mvc/application/models/StoredFile.php
+++ b/airtime_mvc/application/models/StoredFile.php
@ -300,7 +300,7 @@ class Application_Model_StoredFile
                if (isset($dbmd_copy[$value])) {
                    $propelColumn  = $dbmd_copy[$value];
                    $method        = "get$propelColumn";
-                    $md[$constant] = htmlspecialchars($this->_file->$method());
+                    $md[$constant] = $this->_file->$method();
                }
            }
        }