From: <rgr...@us...> - 2014-11-17 03:34:40
Revision: 12852
http://sourceforge.net/p/xoops/svn/12852
Author: rgriffith
Date: 2014-11-17 03:34:31 +0000 (Mon, 17 Nov 2014)
Log Message:
-----------
Fix for #1297
Modified Paths:
--------------
XoopsCore/branches/2.5.x/2.5.8/htdocs/modules/system/admin/modulesadmin/main.php
XoopsCore/branches/2.5.x/2.5.8/htdocs/modules/system/themes/default/default.php
Modified: XoopsCore/branches/2.5.x/2.5.8/htdocs/modules/system/admin/modulesadmin/main.php
===================================================================
--- XoopsCore/branches/2.5.x/2.5.8/htdocs/modules/system/admin/modulesadmin/main.php 2014-11-17 03:33:33 UTC (rev 12851)
+++ XoopsCore/branches/2.5.x/2.5.8/htdocs/modules/system/admin/modulesadmin/main.php 2014-11-17 03:34:31 UTC (rev 12852)
@@ -36,6 +36,7 @@
include_once XOOPS_ROOT_PATH . '/class/xoopsblock.php';
include_once XOOPS_ROOT_PATH . '/modules/system/admin/modulesadmin/modulesadmin.php';
+XoopsLoad::load('XoopsFilterInput');
if (isset($_POST)) {
foreach ($_POST as $k => $v) {
@@ -88,6 +89,7 @@
$install_mods = array();
foreach ($installed_mods as $module) {
$listed_mods[$i] = $module->toArray();
+ $listed_mods[$i]['name'] = htmlspecialchars($module->getVar('name'), ENT_QUOTES);
$listed_mods[$i]['image'] = $module->getInfo('image');
$listed_mods[$i]['adminindex'] = $module->getInfo('adminindex');
$listed_mods[$i]['version'] = round($module->getVar('version') / 100, 2);
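Review bot: `$module->getVar('name')` is called with the default format, which in XoopsObject is normally the display format that already HTML-encodes text fields, so wrapping it in `htmlspecialchars()` may double-encode a name containing `&` or a quote (rendered as `&amp;amp;`). If that holds for this field, fetch the raw value and encode once: `htmlspecialchars($module->getVar('name', 'n'), ENT_QUOTES)`; the `'n'` format is already used for `dirname` in default.php. The same applies to the `getVar ('name')` line in the last default.php hunk, and the two `$mod->name()` lines are worth checking against whatever format that accessor defaults to. The enclosing loop continues outside the hunk.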
@@ -166,7 +168,7 @@
if (!in_array($file, $install_mods)) {
$module =& $module_handler->create();
$module->loadInfo($file);
- $toinstall_mods[$i]['name'] = $module->getInfo('name');
+ $toinstall_mods[$i]['name'] = htmlspecialchars($module->getInfo('name'), ENT_QUOTES);
$toinstall_mods[$i]['dirname'] = $module->getInfo('dirname');
$toinstall_mods[$i]['image'] = $module->getInfo('image');
$toinstall_mods[$i]['version'] = round($module->getInfo('version'), 2);
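Review bot: Only `name` is encoded here, while `dirname` and `image` on the following lines come from the same `getInfo()` data of a module that is not yet installed and are passed on unchanged. If the template prints them into HTML or attribute context without its own escaping, they carry the same risk this commit fixes for the name; the template is not visible from this hunk, so that needs confirming. Suggested: `$toinstall_mods[$i]['dirname'] = htmlspecialchars($module->getInfo('dirname'), ENT_QUOTES);` and likewise for `image`.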
@@ -242,6 +244,7 @@
$module = empty($_POST['module']) ? array() : $_POST['module'];
foreach ($module as $mid) {
$mid = (int) $mid;
+ $newname[$mid] = trim(XoopsFilterInput::clean($newname[$mid], 'STRING'));
$modifs_mods[$i]['mid'] = $mid;
$modifs_mods[$i]['oldname'] = $myts->htmlspecialchars($myts->stripSlashesGPC($oldname[$mid]));
$modifs_mods[$i]['newname'] = $myts->htmlspecialchars(trim($myts->stripslashesGPC($newname[$mid])));
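Review bot: `$newname[$mid]` is read without checking that the key exists, although `$mid` is taken from `$_POST['module']` and the client decides which ids it sends; a missing entry raises a notice and hands null to the filter. Guard it, e.g. `$newname[$mid] = isset($newname[$mid]) ? trim(XoopsFilterInput::clean($newname[$mid], 'STRING')) : '';`. The filter also runs before `stripslashesGPC()` on the `newname` line below, so with magic quotes enabled it sees the slashed string; stripping first would let this confirm step and the apply step (the same call in the -306 hunk) work on identical data. A short comment such as `// strip markup from the submitted name before it is shown for confirmation` would record why the filter is here.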
@@ -306,7 +309,7 @@
$ret[] = xoops_module_deactivate($mid);
}
}
- $newname[$mid] = trim($newname[$mid]);
+ $newname[$mid] = trim(XoopsFilterInput::clean($newname[$mid], 'STRING'));
if ($oldname[$mid] != $newname[$mid]) {
$ret[] = xoops_module_change($mid, $newname[$mid]);
$write = true;
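Review bot: After filtering, `$newname[$mid]` can presumably end up empty (for example a submitted name consisting only of markup), and an empty string differs from `$oldname[$mid]`, so `xoops_module_change()` would be called with an empty name unless it rejects that itself, which is not visible here. Consider `if ($newname[$mid] !== '' && $oldname[$mid] != $newname[$mid]) {`. Note also that `$oldname` appears to be request data, so this comparison only detects a change relative to what the client claims the old name was. The enclosing loop starts outside the hunk.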
Modified: XoopsCore/branches/2.5.x/2.5.8/htdocs/modules/system/themes/default/default.php
===================================================================
--- XoopsCore/branches/2.5.x/2.5.8/htdocs/modules/system/themes/default/default.php 2014-11-17 03:33:33 UTC (rev 12851)
+++ XoopsCore/branches/2.5.x/2.5.8/htdocs/modules/system/themes/default/default.php 2014-11-17 03:34:31 UTC (rev 12852)
@@ -166,7 +166,7 @@
} else {
$rtn['link'] = XOOPS_URL . '/modules/system/admin.php?fct=preferences&op=showmod&mod=' . $mod->getVar('mid');
}
- $rtn['title'] = $mod->name();
+ $rtn['title'] = htmlspecialchars($mod->name(), ENT_QUOTES);
$rtn['absolute'] = 1;
$rtn['url'] = XOOPS_URL . '/modules/'. $mod->getVar('dirname', 'n') . '/'; //add for sub menus
$modOptions = $mod->getAdminMenu(); //add for sub menus
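Review bot: The added `htmlspecialchars()` calls pass no charset, so the encoding used depends on the PHP version (ISO-8859-1 before 5.4, UTF-8 from 5.4) and on a site with a different charset the title can come back mangled or empty; this applies to all five calls in this commit. main.php already uses the project wrapper (`$myts->htmlspecialchars(...)` in the -242 hunk); using that wrapper, or passing the site charset explicitly as in `htmlspecialchars($mod->name(), ENT_QUOTES, _CHARSET)`, would keep the encoding consistent. The enclosing function starts and ends outside the hunk.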
@@ -239,7 +239,7 @@
$sadmin = $moduleperm_handler->checkRight('module_admin', $mod->getVar('mid'), $xoopsUser->getGroups());
if ($sadmin && ($mod->getVar('hasnotification') || is_array($mod->getInfo('config')) || is_array($mod->getInfo('comments')))) {
$rtn['link'] = XOOPS_URL . '/modules/system/admin.php?fct=preferences&op=showmod&mod=' . $mod->getVar('mid');
- $rtn['title'] = $mod->name();
+ $rtn['title'] = htmlspecialchars($mod->name(), ENT_QUOTES);
$rtn['absolute'] = 1;
$rtn['icon'] = XOOPS_ADMINTHEME_URL . '/gui/oxygen/icons/prefs_small.png';
$menu[] = $rtn;
@@ -298,7 +298,7 @@
} else {
$rtn ['link'] = XOOPS_URL . '/modules/system/admin.php?fct=preferences&op=showmod&mod=' . $mod->getVar ( 'mid' );
}
- $rtn ['title'] = $mod->getVar ('name');
+ $rtn ['title'] = htmlspecialchars($mod->getVar ('name'), ENT_QUOTES);
$rtn ['description'] = $mod->getInfo('description');
$rtn ['absolute'] = 1;
if (isset ( $info ['icon_big'] )) {