XSS exploit prevention

- Calendar - Show Contents - Playlist tooltip in Library page - Adding track to a show - Widgets - Playlist/Webstream title and description - Smart block expansion
2013-02-05 10:56:38 -05:00 · 2013-02-05 10:56:38 -05:00 · 74bc485b4b
commit 74bc485b4b
parent b45f71e8f9
8 changed files with 63 additions and 11 deletions
--- a/airtime_mvc/application/models/ShowBuilder.php
+++ b/airtime_mvc/application/models/ShowBuilder.php
@ -275,9 +275,9 @@ class Application_Model_ShowBuilder
            $formatter       = new LengthFormatter(Application_Common_DateHelper::ConvertMSToHHMMSSmm($run_time*1000));
            $row['runtime']  = $formatter->format();

-            $row["title"]    = $p_item["file_track_title"];
-            $row["creator"]  = $p_item["file_artist_name"];
-            $row["album"]    = $p_item["file_album_title"];
+            $row["title"]    = htmlspecialchars($p_item["file_track_title"]);
+            $row["creator"]  = htmlspecialchars($p_item["file_artist_name"]);
+            $row["album"]    = htmlspecialchars($p_item["file_album_title"]);

            $row["cuein"]    = $p_item["cue_in"];
            $row["cueout"]   = $p_item["cue_out"];