Security - Reintroducing HTML filter after report by Javier Bloem that it introduces an XSS, secifically for portals open to new teachers created by anonymous users, and reverting commit svn r20496 referencing issue http://projects.dokeos.com/index.php?do=details&task_id=4109 not accessible to the public anymore.

12 years ago · 3c770c201d
parent 2bfe10433b
commit 3c770c201d
1 changed files with 3 additions and 1 deletions
--- a/main/course_info/infocours.php
+++ b/main/course_info/infocours.php
@ -134,7 +134,7 @@ $form->addElement('html', $image_html);


 $form->add_textfield('title', get_lang('Title'), true, array('class' => 'span6'));
-//$form->applyFilter('title', 'html_filter');
+$form->applyFilter('title', 'html_filter');
 $form->applyFilter('title', 'trim');

 //$form->add_textfield('tutor_name', get_lang('Professors'), true, array ('size' => '60'));
@ -154,9 +154,11 @@ $form->addElement('select', 'category_code', get_lang('Fac'), $categories, array
 $form->addElement('select_language', 'course_language', array(get_lang('Ln'), get_lang('TipLang')));

 $form->add_textfield('department_name', get_lang('Department'), false, array('class' => 'span5'));
+$form->applyFilter('department_name', 'html_filter');
 $form->applyFilter('department_name', 'trim');

 $form->add_textfield('department_url', get_lang('DepartmentUrl'), false, array('class' => 'span5'));
+$form->applyFilter('department_url', 'html_filter');
 //$form->addRule('tutor_name', get_lang('ThisFieldIsRequired'), 'required');