bashclub/piler
1
0
Fork 0
mirror of https://bitbucket.org/jsuto/piler.git synced 2024-11-08 03:51:59 +01:00
Code Issues Packages Projects Releases Wiki Activity

fixed an xss issue in the gui

Browse Source
This commit is contained in:
SJ 2014-08-11 10:40:18 +02:00
parent eb334317ca
commit f0e81b60ff
3 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
webui/system/misc.php
View File

@ -27,6 +27,8 @@ function AUDIT($action = 0, $email = '', $ipaddr = '', $id = 0, $description = '
$db = Registry::get('db');
$description = htmlspecialchars($description);
$query = $db->query("INSERT INTO " . TABLE_AUDIT . " (ts, email, domain, action, ipaddr, meta_id, description) VALUES(?,?,?,?,?,?,?)", array(time(), $email, $a[1], $action, $ipaddr, $id, $description));
return $db->countAffected();

2
webui/view/theme/default/templates/search/load.tpl
View File

@ -10,7 +10,7 @@
if(isset($s['search'])) {
?>
<tr>
<td><a href="#" onclick="Piler.load_search_results_for_saved_query('<?php print urlencode($term['term']); ?>');"><?php print $s['search']; ?></a> | <a href="#" class="menulink" onclick="Piler.remove_saved_search_term(<?php print $term['ts']; ?>); return false;"><?php print $text_remove; ?></a></td>
<td><a href="#" onclick="Piler.load_search_results_for_saved_query('<?php print urlencode($term['term']); ?>');"><?php print htmlspecialchars($s['search']); ?></a> | <a href="#" class="menulink" onclick="Piler.remove_saved_search_term(<?php print $term['ts']; ?>); return false;"><?php print $text_remove; ?></a></td>
<td>&nbsp;</td>
</tr>
<?php } } ?>

2
webui/view/theme/mobile/templates/search/load.tpl
View File

@ -18,7 +18,7 @@
if(isset($s['search']) && $s['search']) {
?>
<div class="resultrow center">
<a href="#" onclick="Piler.load_search_results_for_saved_query('<?php print urlencode($term['term']); ?>');"><?php print $s['search']; ?></a> | <a href="#" class="menulink" onclick="Piler.remove_saved_search_term(<?php print $term['ts']; ?>); return false;"><?php print $text_remove; ?></a></br />
<a href="#" onclick="Piler.load_search_results_for_saved_query('<?php print urlencode($term['term']); ?>');"><?php print htmlspecialchars($s['search']); ?></a> | <a href="#" class="menulink" onclick="Piler.remove_saved_search_term(<?php print $term['ts']; ?>); return false;"><?php print $text_remove; ?></a></br />
</div>
<?php } } ?>