Security: Glossary: Remove XSS

Fix GHSA-4wcp-3rh3-7wm4 advisory
pull/5903/head
Angel Fernando Quiroz Campos 11 months ago
parent 775a5452f1
commit 8ff67c3ad2
No known key found for this signature in database
GPG Key ID: B284841AE3E562CD
  1. 12
      main/glossary/index.php
  2. 2
      main/inc/lib/TrackingCourseLog.php

@ -90,12 +90,12 @@ switch ($action) {
$form->addHtmlEditor( $form->addHtmlEditor(
'name', 'name',
get_lang('TermName'), get_lang('TermName'),
false, true,
false, false,
['ToolbarSet' => 'TitleAsHtml'] ['ToolbarSet' => 'TitleAsHtml']
); );
} else { } else {
$form->addElement('text', 'name', get_lang('TermName'), ['id' => 'glossary_title']); $form->addText('name', get_lang('TermName'), true, ['id' => 'glossary_title']);
} }
$form->addHtmlEditor( $form->addHtmlEditor(
@ -107,7 +107,6 @@ switch ($action) {
); );
$form->addButtonCreate(get_lang('TermAddButton'), 'SubmitGlossary'); $form->addButtonCreate(get_lang('TermAddButton'), 'SubmitGlossary');
// setting the rules // setting the rules
$form->addRule('name', get_lang('ThisFieldIsRequired'), 'required');
// The validation or display // The validation or display
if ($form->validate()) { if ($form->validate()) {
$check = Security::check_token('post'); $check = Security::check_token('post');
@ -154,12 +153,12 @@ switch ($action) {
$form->addHtmlEditor( $form->addHtmlEditor(
'name', 'name',
get_lang('TermName'), get_lang('TermName'),
false, true,
false, false,
['ToolbarSet' => 'TitleAsHtml'] ['ToolbarSet' => 'TitleAsHtml']
); );
} else { } else {
$form->addElement('text', 'name', get_lang('TermName'), ['id' => 'glossary_title']); $form->addText('name', get_lang('TermName'), true, ['id' => 'glossary_title']);
} }
$form->addHtmlEditor( $form->addHtmlEditor(
@ -192,9 +191,6 @@ switch ($action) {
$form->addButtonUpdate(get_lang('TermUpdateButton'), 'SubmitGlossary'); $form->addButtonUpdate(get_lang('TermUpdateButton'), 'SubmitGlossary');
$form->setDefaults($glossary_data); $form->setDefaults($glossary_data);
// setting the rules
$form->addRule('name', get_lang('ThisFieldIsRequired'), 'required');
// The validation or display // The validation or display
if ($form->validate()) { if ($form->validate()) {
$check = Security::check_token('post'); $check = Security::check_token('post');
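Review bot: In the `addHtmlEditor` branch at the top of this section the term name is still accepted as markup (`'ToolbarSet' => 'TitleAsHtml'`) and the only change there is the required flag going from `false` to `true`; the filtering the advisory fix relies on appears to come from the `addText` replacement in the other branch, whose behaviour is not visible in this section. If the HTML-editor path is expected to be covered as well, a comment above that branch would make the intent checkable, e.g. `// NOTE: term name from the HTML editor is accepted as markup; confirm it is filtered on save or escaped where rendered`. The same pattern is repeated in the hunk at `@ -154,12 +153,12`, so one comment in each place keeps the two branches in step. Dropping the explicit `addRule('name', ..., 'required')` lines is only equivalent if the third argument of `addText` enforces the same rule, which I cannot confirm from here; the enclosing switch cases start and end outside these hunks.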

@ -284,6 +284,8 @@ class TrackingCourseLog
$row[4] = $ip; $row[4] = $ip;
} }
$row[5] = Security::remove_XSS($row[5]);
$resources[] = $row; $resources[] = $row;
} }
} }
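Review bot: `Security::remove_XSS` is applied to `$row[5]` while the row is being assembled rather than at the point where it is rendered, so the filtered string is what every later consumer of `$resources` receives; if these rows also feed a non-HTML output, that consumer silently gets the altered value, which is worth confirming. Filtering only column 5 leaves the other elements of `$row` with whatever handling they already have, and this hunk does not show what that is. A one-line comment would record the reasoning for future readers, e.g. `// TODO(review): confirm column 5 is the only user-supplied field in this row and that the view does not escape it again`. The hunk header counts two added lines but only one is visible here, so the other is presumably a blank line lost in rendering; the enclosing loop and method start outside the hunk.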
