Avoid Security::remove_XSS partial CT#586

skala
Julio Montoya 16 years ago
parent d6c58ea2f5
commit ad744965b5
  1. 9
      main/forum/viewthread_flat.inc.php
  2. 9
      main/forum/viewthread_nested.inc.php
  3. 6
      main/forum/viewthread_threaded.inc.php

@ -107,17 +107,12 @@ foreach ($rows as $row) {
$post_image.=icon('../img/forumnotification.gif',get_lang('YouWillBeNotified'));
}
// The post title
echo "\t\t<td class=\"$titleclass\">".prepare4display($row['post_title'])."</td>\n";
echo "\t\t<td class=\"$titleclass\">".prepare4display(Security::remove_XSS($row['post_title'], STUDENT))."</td>\n";
echo "\t</tr>\n";
// The post message
//we can see now the html tags
$row['post_text']= Security::remove_XSS($row['post_text'], STUDENT);
echo "\t<tr>\n";
echo "\t\t<td class=\"$messageclass\">".prepare4display($row['post_text'])."</td>\n";
echo "\t\t<td class=\"$messageclass\">".prepare4display(Security::remove_XSS($row['post_text'], STUDENT))."</td>\n";
echo "\t</tr>\n";
// The check if there is an attachment
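Review bot: If the in-place `$row['post_text'] = Security::remove_XSS($row['post_text'], STUDENT);` line is the one being dropped, as the new inline call at the message echo suggests, then every later use of `$row['post_text']` in this loop body (the attachment block that follows this hunk, and anything further down) now sees the raw stored value and must apply its own filter before emitting it; the same applies to `$post['post_text']` in main/forum/viewthread_nested.inc.php. The expression `prepare4display(Security::remove_XSS(..., STUDENT))` is now repeated at every output site across the three files, so a single helper such as `function display_post_field($text) { return prepare4display(Security::remove_XSS($text, STUDENT)); }` would keep the filter profile in one place and make a missed call site easier to spot. The enclosing foreach starts before and ends after this hunk.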

@ -105,15 +105,12 @@ foreach ($rows as $post) {
$post_image.=icon('../img/forumnotification.gif',get_lang('YouWillBeNotified'));
}
// The post title
echo "\t\t<td class=\"$titleclass\">".prepare4display($post['post_title'])."</td>\n";
echo "\t\t<td class=\"$titleclass\">".prepare4display(Security::remove_XSS($post['post_title'], STUDENT))."</td>\n";
echo "\t</tr>\n";
// The post message
$post['post_text']= Security::remove_XSS($post['post_text'], STUDENT);
// The post message
echo "\t<tr>\n";
echo "\t\t<td class=\"$messageclass\">".prepare4display($post['post_text'])."</td>\n";
echo "\t\t<td class=\"$messageclass\">".prepare4display(Security::remove_XSS($post['post_text'], STUDENT))."</td>\n";
echo "\t</tr>\n";
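Review bot: The comment `// The post message` appears twice, once above the `$post['post_text']= Security::remove_XSS(...)` assignment and once below it; if both lines survive on the new side after the assignment is removed, the first one is left over and should be deleted so the comment sits directly above the `<tr>` it describes. Otherwise the new code filters the title and message at the echo, which matches the flat view. The enclosing foreach starts before and ends after this hunk.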

@ -79,7 +79,7 @@ foreach ($rows as $post) {
$thread_structure.= $post_image;
if ($_GET['post']==$post['post_id'] OR ($counter==1 AND !isset($_GET['post'])))
{
$thread_structure.='<strong>'.prepare4display($post['post_title']).'</strong></div>';
$thread_structure.='<strong>'.prepare4display(Security::remove_XSS($post['post_title'],STUDENT)).'</strong></div>';
$prev_next_array[]=$post['post_id'];
}
else
@ -93,7 +93,7 @@ foreach ($rows as $post) {
$class='';
}
$count_loop=($count==0)?'&id=1' : '';
$thread_structure.= "<a href=\"viewthread.php?".api_get_cidreq()."&forum=".Security::remove_XSS($_GET['forum'])."&amp;thread=".Security::remove_XSS($_GET['thread'])."&amp;post=".$post['post_id']."&amp;origin=$origin$count_loop\" $class>".prepare4display($post['post_title'])."</a></div>\n";
$thread_structure.= "<a href=\"viewthread.php?".api_get_cidreq()."&forum=".Security::remove_XSS($_GET['forum'])."&amp;thread=".Security::remove_XSS($_GET['thread'])."&amp;post=".$post['post_id']."&amp;origin=$origin$count_loop\" $class>".prepare4display(Security::remove_XSS($post['post_title'],STUDENT))."</a></div>\n";
$prev_next_array[]=$post['post_id'];
}
$count++;
@ -276,7 +276,7 @@ if ($rows[$display_post_id]['post_notification']=='1' AND $rows[$display_post_id
$post_image.=icon('../img/forumnotification.gif',get_lang('YouWillBeNotified'));
}
// The post title
echo "\t\t<td class=\"$titleclass\">".prepare4display(Security::remove_XSS($rows[$display_post_id]['post_title']))."</td>\n";
echo "\t\t<td class=\"$titleclass\">".prepare4display(Security::remove_XSS($rows[$display_post_id]['post_title'], STUDENT))."</td>\n";
echo "\t</tr>\n";
// The post message
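Review bot: The new `$thread_structure.=` line in the second hunk still builds the href by concatenating `$_GET['forum']` and `$_GET['thread']` through `Security::remove_XSS()` only, which is an HTML filter, not a URL or attribute encoder; query values should be encoded for the URL context, e.g. `"&amp;forum=".urlencode($_GET['forum'])."&amp;thread=".urlencode($_GET['thread'])`, which also fixes the first separator being a bare `&` while the others are `&amp;`. The commit only changes the title part of that line, so this is a pre-existing issue carried into the new code rather than introduced here. Both the foreach and the if/else around these hunks start and end outside them.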
