Fix xss on view artefact & view pages

6015fc31 · Richard Mansfield · 8cc0979a · 6015fc31 · 6015fc31 · 6015fc31
Commit 6015fc31 authored Mar 04, 2009 by Richard Mansfield
--- a/htdocs/artefact/file/theme/default/file_render_self.tpl
+++ b/htdocs/artefact/file/theme/default/file_render_self.tpl
@@ -6,7 +6,7 @@
 <table class="filedata">
    <tr><th>{str tag=Type section=artefact.file}:</th><td>{$filetype}</td></tr>
    <tr><th>{str tag=Description section=artefact.file}:</th><td>{$description|escape}</td></tr>
-    <tr><th>{str tag=Owner section=artefact.file}:</th><td>{$owner}</td></tr>
+    <tr><th>{str tag=Owner section=artefact.file}:</th><td>{$owner|escape}</td></tr>
    <tr><th>{str tag=Created section=artefact.file}:</th><td>{$created}</td></tr>
    <tr><th>{str tag=lastmodified section=artefact.file}:</th><td>{$modified}</td></tr>
    <tr><th>{str tag=Size section=artefact.file}:</th><td>{$size|escape}</td></tr>

--- a/htdocs/view/artefact.php
+++ b/htdocs/view/artefact.php
@@ -87,13 +87,13 @@ $artefactpath[] = array(
    'title' => $artefact->display_title(),
 );

-$heading = '<a href="' . get_config('wwwroot') . 'view/view.php?id=' . $view->get('id') .'">' . hsc($view->get('title')) . '</a> ' . get_string('by', 'view') . ' <a href="' . get_config('wwwroot') .'user/view.php?id=' . $view->get('owner'). '">' . $view->formatted_owner() . '</a>';
+$heading = '<a href="' . get_config('wwwroot') . 'view/view.php?id=' . $view->get('id') .'">' . hsc($view->get('title')) . '</a> ' . get_string('by', 'view') . ' <a href="' . get_config('wwwroot') .'user/view.php?id=' . $view->get('owner'). '">' . hsc($view->formatted_owner()) . '</a>';
 foreach ($artefactpath as $item) {
 	if (empty($item['url'])) {
 	    $heading .= ': ' . $item['title'];
 	}
 	else {
-        $heading .= ': <a href="' . $item['url'] . '">' . $item['title'] . '</a>';
+            $heading .= ': <a href="' . $item['url'] . '">' . hsc($item['title']) . '</a>';
 	}
 }


--- a/htdocs/view/view.php
+++ b/htdocs/view/view.php
@@ -49,7 +49,7 @@ if ($new) {
 else {
    $heading = '<a href="' . get_config('wwwroot') . 'view/view.php?id=' . $view->get('id') .'">' . hsc($view->get('title')) . '</a>';
 }
-$heading .= ' ' . get_string('by', 'view') . ' <a href="' . get_config('wwwroot') .'user/view.php?id=' . $view->get('owner'). '">' . $view->formatted_owner() . '</a>';
+$heading .= ' ' . get_string('by', 'view') . ' <a href="' . get_config('wwwroot') .'user/view.php?id=' . $view->get('owner'). '">' . hsc($view->formatted_owner()) . '</a>';


 $tutorfilefeedbackformrow = '';