XSS exploit prevention

- Calendar - Show Contents
- Playlist tooltip in Library page
- Adding track to a show
- Widgets
- Playlist/Webstream title and description
- Smart block expansion
denise 2013-02-05 10:56:38 -05:00
parent b45f71e8f9
commit 74bc485b4b
8 changed files with 63 additions and 11 deletions


@ -257,6 +257,10 @@ SQL;
//format original length
$formatter = new LengthFormatter($row['orig_length']);
$row['orig_length'] = $formatter->format();
// XSS exploit prevention
$row["track_title"] = htmlspecialchars($row["track_title"]);
$row["creator"] = htmlspecialchars($row["creator"]);
}
return $rows;
@ -1241,7 +1245,7 @@ SQL;
foreach ($out as $crit) {
$criteria = $crit->getDbCriteria();
$modifier = $crit->getDbModifier();
$value = $crit->getDbValue();
$value = htmlspecialchars($crit->getDbValue());
$extra = $crit->getDbExtra();
if ($criteria == "limit") {