From: <jl...@us...> - 2003-10-18 16:38:59
Update of /cvsroot/mantisbt/mantisbt
In directory sc8-pr-cvs1:/tmp/cvs-serv4406
Modified Files:
bug_actiongroup_page.php history_inc.php manage_proj_edit_page.php view_all_inc.php
Log Message:
Fixed various CSS vulnerabilities (thanks to Paul Richards for discovering them)
Index: bug_actiongroup_page.php
===================================================================
RCS file: /cvsroot/mantisbt/mantisbt/bug_actiongroup_page.php,v
retrieving revision 1.31
retrieving revision 1.32
diff -u -d -r1.31 -r1.32
--- bug_actiongroup_page.php 20 Feb 2003 05:42:22 -0000 1.31
+++ bug_actiongroup_page.php 18 Oct 2003 16:34:59 -0000 1.32
@@ -81,7 +81,7 @@
 <br />
 <div align="center">
 <form method="POST" action="bug_actiongroup.php">
-<input type="hidden" name="action" value="<?php echo $f_action ?>" />
+<input type="hidden" name="action" value="<?php echo string_attribute( $f_action ) ?>" />
 <table class="width75" cellspacing="1">
 <?php foreach( $f_bug_arr as $t_bug_id ) { ?>
 <input type="hidden" name="bug_arr[]" value="<?php echo $t_bug_id ?>" />
Index: history_inc.php
===================================================================
RCS file: /cvsroot/mantisbt/mantisbt/history_inc.php,v
retrieving revision 1.19
retrieving revision 1.20
diff -u -d -r1.19 -r1.20
--- history_inc.php 22 Mar 2003 21:42:22 -0000 1.19
+++ history_inc.php 18 Oct 2003 16:34:59 -0000 1.20
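Review bot: The `bug_arr[]` hidden input on the last context line still echoes `$t_bug_id` into a `value` attribute unescaped, so the hunk fixes only one of the two request-derived values written into this form. Unless `$f_bug_arr` is guaranteed to hold integers by the request layer (not visible here), it needs the same treatment: `<input type="hidden" name="bug_arr[]" value="<?php echo string_attribute( $t_bug_id ) ?>" />`. The foreach that emits these inputs continues past the end of the hunk.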
@@ -55,13 +55,13 @@
 <?php print_user( $t_item['userid'] ) ?>
 </td>
 <td class="small-caption">
- <?php echo $t_item['note'] ?>
+ <?php echo string_display( $t_item['note'] ) ?>
 </td>
 <td class="small-caption">
- <?php echo $t_item['change'] ?>
+ <?php echo string_display( $t_item['change'] ) ?>
 </td>
 </tr>
 <?php
 } # end for loop
 ?>
-</table>
\ No newline at end of file
+</table>
Index: manage_proj_edit_page.php
===================================================================
RCS file: /cvsroot/mantisbt/mantisbt/manage_proj_edit_page.php,v
retrieving revision 1.71
retrieving revision 1.72
diff -u -d -r1.71 -r1.72
--- manage_proj_edit_page.php 22 Mar 2003 16:30:35 -0000 1.71
+++ manage_proj_edit_page.php 18 Oct 2003 16:34:59 -0000 1.72
@@ -383,7 +383,7 @@
 {
 if( !custom_field_is_linked( $t_field_id, $f_project_id ) ) {
 $t_desc = custom_field_get_definition( $t_field_id );
-echo "<option value=\"$t_field_id\">" . $t_desc['name'] . '</option>' ;
+echo "<option value=\"$t_field_id\">" . string_attribute( $t_desc['name'] ) . '</option>' ;
 }
 }
 ?>
Index: view_all_inc.php
===================================================================
RCS file: /cvsroot/mantisbt/mantisbt/view_all_inc.php,v
retrieving revision 1.128
retrieving revision 1.129
diff -u -d -r1.128 -r1.129
--- view_all_inc.php 24 Aug 2003 02:59:56 -0000 1.128
+++ view_all_inc.php 18 Oct 2003 16:34:59 -0000 1.129
@@ -404,7 +404,7 @@
 echo ']</small><br />';
 }
- echo $v_category;
+ echo string_display( $v_category );
 ?>
 </td>
 <?php # -- Severity -- ?>
|
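Review bot: Nothing in the hunk records that `$t_item['note']` and `$t_item['change']` reach this template unescaped, so the next column added to this table is likely to repeat the original omission. A comment at the top of the loop body, which begins before the hunk, such as `# history rows are stored raw: pass every field through string_display() on output`, would make the contract explicit. The `print_user()` call on the first context line is presumably responsible for escaping the user name itself; that is not visible here and worth confirming.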
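Review bot: `$t_desc['name']` is emitted as the text content of the `<option>` element, not as an attribute value, so the context-matching helper is `string_display()` as used for `$v_category` in the view_all_inc.php hunk; `string_attribute()` is presumably safe here too, assuming both encode `<`, `>` and `&`, but mixing the two helpers across element-content sites makes the escaping rule harder to audit. The interpolated `$t_field_id` on the same line is still written into the `value` attribute unescaped; if the caller does not already guarantee it is an integer, a cast keeps the attribute safe: `echo '<option value="' . (int)$t_field_id . '">' . string_display( $t_desc['name'] ) . '</option>';`. The enclosing loop starts before the hunk.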
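Review bot: The `']</small><br />'` on the first context line closes a bracketed span whose opening and contents lie before the hunk, so whatever is printed inside those brackets is not covered by this change and cannot be checked here; it should go through `string_display()` in the same way `$v_category` now does if it is row data rather than a constant. The branch that prints it begins outside the hunk.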