Project

General

Profile

Actions

Bug #2380

closed

Missing htmlspecialchars in html output

Added by beat almost 14 years ago. Updated almost 14 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Target version:
Start date:
08 March 2011
Due date:
% Done:

100%

Estimated time:

Description

component.groupjive.php line 587:

                $input['description']    =    '<textarea id="description" name="description" class="inputbox" cols="40" rows="5">' . $config->get( 'description' ) . '</textarea>';

missing htmlspecialchars.

Please check all places.


Related issues 1 (0 open1 closed)

Related to CB GroupJive - Bug #2385: not htmlescaped inputsClosedbeat08 March 2011

Actions
Actions #1

Updated by krileon almost 14 years ago

  • Status changed from New to Resolved
  • Assignee changed from krileon to beat
  • % Done changed from 0 to 100

Fixed with r1606

Actions #2

Updated by beat almost 14 years ago

  • Status changed from Resolved to Assigned
  • Assignee changed from beat to krileon
  • % Done changed from 100 to 50

Same applies to values of inputs:
e.g. line 581:

            $input['name']                =    '<input type="text" id="name" name="name" value="' . $config->get( 'name' ) . '" class="inputbox" size="40" />';

should be:

            $input['name']                =    '<input type="text" id="name" name="name" value="' . htmlspecialchars( $config->get( 'name' ) ) . '" class="inputbox" size="40" />';

Actually, not only for values of inputs, but all html output from PHP should be htmlspecialchared where applicable. Otherwise you can have html and javascript injections.

Actions #3

Updated by beat almost 14 years ago

and e.g. line 609:

            $input['owner']                =    '<input type="text" id="user_id" name="user_id" value="' . $config->get( 'user_id', $user->id ) . '" class="inputbox" size="6" ' . $disabled . ' />';

could be as it's an int:

            $input['owner']                =    '<input type="text" id="user_id" name="user_id" value="' . intval( $config->get( 'user_id', $user->id ) ) . '" class="inputbox" size="6" ' . $disabled . ' />';
Actions #4

Updated by krileon almost 14 years ago

  • Status changed from Assigned to Resolved
  • Assignee changed from krileon to beat
  • % Done changed from 50 to 100

Fixed with r1607

Actions #5

Updated by krileon almost 14 years ago

  • Status changed from Resolved to Closed
Actions

Also available in: Atom PDF