Commit b84a5265 authored by Richard Mansfield's avatar Richard Mansfield

More XSS fixes from master

parent 6015fc31
......@@ -210,10 +210,10 @@ class ArtefactTypeBlog extends ArtefactType {
if (isset($options['viewid'])) {
$smarty->assign('artefacttitle', '<a href="' . get_config('wwwroot') . 'view/artefact.php?artefact='
. $this->get('id') . '&view=' . $options['viewid']
. '">' . $this->get('title') . '</a>');
. '">' . hsc($this->get('title')) . '</a>');
}
else {
$smarty->assign('artefacttitle', $this->get('title'));
$smarty->assign('artefacttitle', hsc($this->get('title')));
}
$smarty->assign('blockid', $blockid);
......@@ -221,7 +221,7 @@ class ArtefactTypeBlog extends ArtefactType {
$smarty->assign('enc_id', json_encode($this->id));
$smarty->assign('limit', self::pagination);
$smarty->assign('loading_img', theme_get_url('images/loading.gif'));
$smarty->assign('description', $this->get('description'));
$smarty->assign('description', clean_text($this->get('description')));
// Remove unnecessary options for blog posts
unset($options['hidetitle']);
......@@ -415,15 +415,15 @@ class ArtefactTypeBlogPost extends ArtefactType {
if (isset($options['viewid'])) {
$smarty->assign('artefacttitle', '<a href="' . get_config('wwwroot') . 'view/artefact.php?artefact='
. $this->get('id') . '&view=' . $options['viewid']
. '">' . $this->get('title') . '</a>');
. '">' . hsc($this->get('title')) . '</a>');
}
else {
$smarty->assign('artefacttitle', $this->get('title'));
$smarty->assign('artefacttitle', hsc($this->get('title')));
}
}
// We need to make sure that the images in the post have the right viewid associated with them
$postcontent = $this->get('description');
$postcontent = clean_text($this->get('description'));
if (isset($options['viewid'])) {
safe_require('artefact', 'file');
$postcontent = ArtefactTypeFolder::append_view_url($postcontent, $options['viewid']);
......@@ -553,6 +553,9 @@ class ArtefactTypeBlogPost extends ArtefactType {
$result[$file->blogpost]->files[] = $file;
}
}
foreach ($result as &$post) {
$post->description = clean_text($post->description);
}
}
return array($count, array_values($result));
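Review bot: In the ArtefactTypeBlog render hunk at `-210,10`, the anchor built on the `artefacttitle` line still concatenates `$this->get('id')` and `$options['viewid']` into the `href` attribute unescaped and joins the query parameters with a bare `&`, so only the link text is fixed by this commit. If `viewid` can ever originate from request input rather than an integer the caller has already validated, that is an attribute-context injection point; either way the bare `&` is invalid HTML. I would write `. $this->get('id') . '&amp;view=' . hsc($options['viewid'])` there and in the identical line of the ArtefactTypeBlogPost hunk at `-415,15`; the render methods containing these lines start before their hunks, so the origin of `$options['viewid']` is not visible here. Separately, the `foreach ($result as &$post)` added in the `-553,6` hunk leaves `$post` as a live reference to the last element of `$result` after the loop, so add `unset($post);` immediately after the closing brace, before `array_values($result)` is returned.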
......
......@@ -11,7 +11,7 @@
{foreach from=$attachments item=item}
<tr class="r{cycle values=1,0}">
<td style="width: 22px;"><img src="{$item->iconpath|escape}" alt=""></td>
<td><a href="{$item->viewpath|escape}">{$item->title}</a> ({$item->size}) - <strong><a href="{$item->downloadpath|escape}">{str tag=Download section=artefact.file}</a></strong>
<td><a href="{$item->viewpath|escape}">{$item->title|escape}</a> ({$item->size}) - <strong><a href="{$item->downloadpath|escape}">{str tag=Download section=artefact.file}</a></strong>
<br><strong>{$item->description|escape}</strong></td>
</tr>
{/foreach}
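Review bot: `{$item->size}` on the changed `<td>` line is the only interpolated value in this row that is still output without `|escape`, now that `title` joins `viewpath`, `downloadpath` and `description`. It is probably a formatted byte count built server-side, but the template cannot tell, and escaping a numeric string is harmless, so I would make the row uniform with `({$item->size|escape})`. Note also that Smarty's default `escape` modifier leaves single quotes alone; that is fine here because every attribute on this row is double-quoted, but it matters if any of these values is later placed in a single-quoted attribute or in JavaScript.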
......
......@@ -71,7 +71,7 @@ class PluginBlocktypeImage extends PluginBlocktype {
$description = (is_a($image, 'ArtefacttypeImage')) ? $image->get('description') : $image->get('title');
if (!empty($configdata['showdescription']) && $description) {
$result .= '<p>' . $description . '</p>';
$result .= '<p>' . hsc($description) . '</p>';
}
$result .= '</div>';
}
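Review bot: The new `hsc($description)` in PluginBlocktypeImage treats the image description as plain text, whereas the same commit passes blog and blog-post descriptions through `clean_text()` to keep sanitised markup; if `ArtefacttypeImage` descriptions are authored with the same rich-text editor, users will now see literal tags in the image block. If they are plain text, `hsc()` is the right call and the point is moot, so this is worth confirming against the image artefact's edit form rather than assuming. The `title` fallback chosen on the line above is plain text and is correctly covered by `hsc()` either way. The enclosing render method starts before this hunk.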
......
......@@ -20,7 +20,7 @@
<tr class="{cycle values=r1,r0}">
<td><img src="{$child->iconsrc}" border="0" alt="{$child->artefacttype|escape}"></td>
<td><a href="{$WWWROOT}view/artefact.php?artefact={$child->id|escape}&amp;view={$viewid|escape}" title="{$child->hovertitle}">{$child->title}</a></td>
<td>{$child->description}</td>
<td>{$child->description|escape}</td>
{if !$simpledisplay}<td>{$child->date}</td>{/if}
</tr>
{/foreach}
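Review bot: Escaping `{$child->description}` leaves `{$child->title}` and `title="{$child->hovertitle}"` on the line above unescaped, even though the artefact title is exactly the field the PHP side of this commit wraps in `hsc()` elsewhere; `{$child->iconsrc}` in the `<img src>` attribute and `{$child->date}` are also emitted raw. The fix on the link line is `title="{$child->hovertitle|escape}">{$child->title|escape}</a>`, plus `|escape` on `iconsrc` and `date` for consistency; the `id` and `viewid` query parameters are already escaped. Whether `hovertitle` is derived from the user-supplied title or is a fixed language string is not visible here, but escaping it costs nothing.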
......
<table>
{foreach from=$fields key='field' item='value'}
<tr>
<td>{$field}</td>
<td>{$value}</td>
<td>{$field|escape}</td>
<td>{$value|escape}</td>
</tr>
{/foreach}
</table>
......@@ -90,7 +90,7 @@ $artefactpath[] = array(
$heading = '<a href="' . get_config('wwwroot') . 'view/view.php?id=' . $view->get('id') .'">' . hsc($view->get('title')) . '</a> ' . get_string('by', 'view') . ' <a href="' . get_config('wwwroot') .'user/view.php?id=' . $view->get('owner'). '">' . hsc($view->formatted_owner()) . '</a>';
foreach ($artefactpath as $item) {
if (empty($item['url'])) {
$heading .= ': ' . $item['title'];
$heading .= ': ' . hsc($item['title']);
}
else {
$heading .= ': <a href="' . $item['url'] . '">' . hsc($item['title']) . '</a>';
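Review bot: On the `else` branch, `$item['url']` is concatenated into the `href` attribute without `hsc()`, while the visible text next to it is now escaped; `$heading` is emitted as raw HTML, so any `&` or quote in the URL reaches the attribute unencoded. The same applies to the `view.php?id=` and `user/view.php?id=` links built on the `$heading` line above, which interpolate `$view->get('id')` and `$view->get('owner')` directly. I would write `$heading .= ': <a href="' . hsc($item['url']) . '">' . hsc($item['title']) . '</a>';`. The `$artefactpath` entries are assembled before this hunk, so I cannot see whether `url` is always built from `wwwroot` plus integer ids; if it is, the exposure is only malformed HTML, but escaping attribute values is still the right contract.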
......