CC-4894: Need to filter output for potential XSS exploits

-fixed few areas
2013-01-29 15:17:29 -05:00 · 2013-01-29 15:17:29 -05:00 · b15c4569eb
commit b15c4569eb
parent 9d4e0d2dd1
9 changed files with 20 additions and 9 deletions
--- a/airtime_mvc/application/models/ShowBuilder.php
+++ b/airtime_mvc/application/models/ShowBuilder.php
@ -227,7 +227,7 @@ class Application_Model_ShowBuilder
        $row["endDate"]   = $showEndDT->format("Y-m-d");
        $row["endTime"]   = $showEndDT->format("H:i");
        $row["duration"]  = floatval($showEndDT->format("U.u")) - floatval($showStartDT->format("U.u"));
-        $row["title"]     = $p_item["show_name"];
+        $row["title"]     = htmlspecialchars($p_item["show_name"]);
        $row["instance"]  = intval($p_item["si_id"]);
        $row["image"]     = '';

--- a/airtime_mvc/application/models/User.php
+++ b/airtime_mvc/application/models/User.php
@ -335,6 +335,8 @@ class Application_Model_User
            } else {
                $record['delete'] = "";
            }
+
+            $record = array_map('htmlspecialchars', $record);
        }

        return $res;