Details
- Improvement
- Resolution: Fixed
- Critical
- None
- None
Description
Attached patch escapes some more output shown to the user. Fixes XSS exploits.
Also added a wrapper function (escape()) for htmlspecialchars (long and boring to type..). Let me know if another name may be more suitable for the function. I did not change all the htmlspecialchars calls yet, a waste of time if this does not get committed.
Other changes:
Changed $_POST/GET into $vars in multiple files in html/
Removed mres where it was not needed or was redundant.
Fixed a typo in generic_definition.inc.php
Check if bill name is set when adding a bill; if not, don't add an empty entry to the DB
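As an added illustration, not taken from the attached patch or from Observium's code, this is the shape of an escape() wrapper like the one the description mentions, shown against a constructed request value that would otherwise break out of an HTML attribute; the flag choice, the $vars array and the bill-name check are assumptions.

```php
<?php
// Added example, not the Observium patch. A wrapper around htmlspecialchars()
// of the kind described above; the name matches the description, the flags are
// an assumption (ENT_SUBSTITUTE needs PHP >= 5.4).
function escape($string)
{
    // ENT_QUOTES escapes both ' and ", so the result is safe inside single- or
    // double-quoted attributes as well as in element text. The charset is given
    // explicitly so the default does not vary between PHP versions.
    // ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning an empty string.
    return htmlspecialchars((string) $string, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed input standing in for a request parameter copied into $vars.
$vars = array('bill_name' => '"><b>injected</b>');

// Unescaped (the situation the patch fixes): the quote and '>' end the
// attribute and the tag, so the rest of the value becomes markup.
$unsafe = '<input value="' . $vars['bill_name'] . '">';

// Escaped: quotes and angle brackets become entities, so the whole value
// stays inside the attribute and renders as text.
$safe = '<input value="' . escape($vars['bill_name']) . '">';

echo $unsafe . "\n" . $safe . "\n";

// The bill-name check from the description: refuse to insert an empty entry.
// The parameter name 'bill_name' is assumed here.
function bill_name_present(array $vars)
{
    return isset($vars['bill_name']) && trim((string) $vars['bill_name']) !== '';
}

if (!bill_name_present($vars)) {
    echo "Bill name is required, nothing inserted.\n";
}
```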
Activity
Workflow | Original: classic default workflow [ 12037 ] | New: Observium workflow [ 14389 ] |
Status | Original: Resolved [ 5 ] | New: Closed [ 6 ] |
Resolution | New: Fixed [ 1 ] | |
Status | Original: Open [ 1 ] | New: Resolved [ 5 ] |
Attachment | Original: security-and-misc-fixesv2.patch [ 12253 ] |
Attachment | Original: security-and-misc-fixesv2.patch [ 12252 ] |
Attachment | New: security-and-misc-fixesv2.patch [ 12254 ] |
Attachment | New: security-and-misc-fixesv2.patch [ 12253 ] |
Committed in r6207.
Note, some changes are not compatible with the patch; you may get svn errors.