Revision: 4458 http://openutils.svn.sourceforge.net/openutils/?rev=4458&view=rev
Author: fgiust
Date: 2013-12-07 21:11:44 +0000 (Sat, 07 Dec 2013)
Log Message:
-----------
MEDIA-295 Cross-site scripting vulnerability in mediaFolderView.html
Modified Paths:
--------------
magnoliamodules/trunk/openutils-mgnlmedia/src/main/resources/net/sourceforge/openutils/mgnlmedia/media/pages/MediaFolderViewPage.html
Modified: magnoliamodules/trunk/openutils-mgnlmedia/src/main/resources/net/sourceforge/openutils/mgnlmedia/media/pages/MediaFolderViewPage.html
===================================================================
--- magnoliamodules/trunk/openutils-mgnlmedia/src/main/resources/net/sourceforge/openutils/mgnlmedia/media/pages/MediaFolderViewPage.html 2013-12-03 08:49:28 UTC (rev 4457)
+++ magnoliamodules/trunk/openutils-mgnlmedia/src/main/resources/net/sourceforge/openutils/mgnlmedia/media/pages/MediaFolderViewPage.html 2013-12-07 21:11:44 UTC (rev 4458)
@@ -38,7 +38,7 @@
 new MediaFolderView.Sorting('sorting', this.options);
 new MediaFolderView.EditMenus('li.media .menuitem');
 new MediaFolderView.InfoTooltips('li.media .image');
-Cookie.write('mediafolderpath', '${this.path!}', {duration: 30});
+Cookie.write('mediafolderpath', '${this.path!?js_string}', {duration: 30});
 [#if (this.request.getParameter('command')!'') == 'saveAsPlaylist']
 this.openPlaylistFromSearchDialog();
 [/#if]
@@ -327,7 +327,7 @@
 <body id="mediafolderview" class="bg-${this.bgSelector}">
 <form action="" style="display:none" id="actionForm" method="post">
 <input type="hidden" id="actionCmd" name="command" value="delete" />
-<input type="hidden" id="actionPath" name="path" value="${this.path!""}" />
+<input type="hidden" id="actionPath" name="path" value="${this.path!?html!""}" />
 <input type="hidden" id="actionSearch" name="search" value="${this.search!""}" />
 <input type="hidden" id="actionNode" name="node" />
 <input type="hidden" id="actionDest" name="dest" />
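Review bot: `?js_string` makes the value safe for the JavaScript string literal it sits in, but this line lives inside a `<script>` block of an HTML page, so the guarantee also depends on the escaper neutralising `<` and `>` so a closing script tag in the value cannot end the element early; FreeMarker's js_string does this in newer releases if I recall correctly, so it is worth confirming for the version this module is built against. A template comment would make the intent survive the next edit, e.g. `[#-- path may come from the request: keep ?js_string, this is a JS string literal inside <script> --]`. The value is then stored with `Cookie.write` and presumably read back elsewhere in the page; wherever it is later placed into the DOM it needs escaping for that context as well, which this hunk cannot show. The enclosing JavaScript function starts and ends outside the hunk.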
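Review bot: The `actionSearch` input on the line right after the fixed one still interpolates `${this.search!""}` into an attribute value without `?html`, and the same unescaped `${this.search!''}` appears in the `@@ -337` hunk; if `this.search` echoes a request parameter the way `path` does, this is the same attribute-injection pattern the commit closes for `path`. Suggest `value="${this.search!?html}"` on both lines. The trailing `!""` in `${this.path!?html!""}` is redundant because `this.path!` already defaults to an empty string, so `${this.path!?html}` reads cleaner and matches the js_string line. Longer term, a template-wide `[#escape x as x?html]` (with `[#noescape]` around the script block) would make HTML output safe by default instead of relying on per-interpolation `?html`. The form element continues past the end of the hunk.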
@@ -337,7 +337,7 @@
 [/#if]
 <input type="hidden" name="search" value="${this.search!''}" />
 [#if this.path?exists]
-<input type="hidden" name="path" value="${this.path}" />
+<input type="hidden" name="path" value="${this.path!?html!""}" />
 [/#if]
 </form>
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |