Congegni/sintonia
7
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

CC-4897: XSS exploit on library page

Browse source 
-fixed
This commit is contained in:
denise 2013-01-30 11:51:27 -05:00
parent d4742577c9
commit 595429e6e5
1 changed files with 1 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
airtime_mvc/application/controllers/LibraryController.php
View file

@ -438,7 +438,7 @@ class LibraryController extends Zend_Controller_Action
$formValues = $this->_getParam('data', null);
$formdata = array();
foreach ($formValues as $val) {
$formdata[$val["name"]] = $val["value"];
$formdata[$val["name"]] = htmlspecialchars($val["value"]);
}
$file->setDbColMetadata($formdata);