CC-4894: Need to filter output for potential XSS exploits

-fixed few areas
2013-01-29 15:17:29 -05:00 · 2013-01-29 15:17:29 -05:00 · b15c4569eb
commit b15c4569eb
parent 9d4e0d2dd1
9 changed files with 20 additions and 9 deletions
--- a/airtime_mvc/application/controllers/LibraryController.php
+++ b/airtime_mvc/application/controllers/LibraryController.php
@ -385,6 +385,15 @@ class LibraryController extends Zend_Controller_Action
        //TODO move this to the datatables row callback.
        foreach ($r["aaData"] as &$data) {

+            foreach ($data as $k => &$v) {
+                if ($k != "image" && $k != "checkbox") {
+                    $v = htmlspecialchars($v);
+                }
+            }
+            //TODO: Replace the above foreach loop with the line below when ticket
+            //CC-4896 is completed.
+            //$data = array_map('htmlspecialchars', $data);
+
            if ($data['ftype'] == 'audioclip') {
                $file = Application_Model_StoredFile::Recall($data['id']);
                $scid = $file->getSoundCloudId();
--- a/airtime_mvc/application/controllers/UserController.php
+++ b/airtime_mvc/application/controllers/UserController.php
@ -115,7 +115,7 @@ class UserController extends Zend_Controller_Action
        $post = $this->getRequest()->getPost();
        $users = Application_Model_User::getUsersDataTablesInfo($post);

-        die(json_encode($users));
+        $this->_helper->json->sendJson($users);
    }

    public function getUserDataAction()