Security - Fix possible XSS attack vector using teacher role - reported by Javier Bloem

11 years ago · dd9bcd64fe
parent 94706d7f99
commit dd9bcd64fe
2 changed files with 6 additions and 6 deletions
--- a/main/inc/lib/course.lib.php
+++ b/main/inc/lib/course.lib.php
@ -3372,7 +3372,7 @@ class CourseManager
                        $course['status'] = STUDENT;
                    }

-                    $params['icon'] = Display::return_icon('blackboard.png', $course_info['title'], array(), ICON_SIZE_LARGE);
+                    $params['icon'] = Display::return_icon('blackboard.png', api_htmlentities($course_info['title']), array(), ICON_SIZE_LARGE);

                    $params['right_actions'] = '';
                    if (api_is_platform_admin()) {
@ -3448,7 +3448,7 @@ class CourseManager
        while ($row = Database::fetch_array($result)) {
            // We simply display the title of the category.
            $params = array(
-               'icon' => Display::return_icon('folder_yellow.png', $row['title'], array(), ICON_SIZE_LARGE),
+               'icon' => Display::return_icon('folder_yellow.png', api_htmlentities($row['title']), array(), ICON_SIZE_LARGE),
               'title' => $row['title'],
               'class' => 'table_user_course_category'
            );
@ -3542,7 +3542,7 @@ class CourseManager
            $show_notification = Display::show_notification($course_info);

            // New code displaying the user's status in respect to this course.
-            $status_icon = Display::return_icon('blackboard.png', $course_info['title'], array(), ICON_SIZE_LARGE);
+            $status_icon = Display::return_icon('blackboard.png', api_htmlentities($course_info['title']), array(), ICON_SIZE_LARGE);

            $params = array();
            $params['right_actions'] = '';
@ -3741,7 +3741,7 @@ class CourseManager
        }

        $params = array();
-        $params['icon'] = Display::return_icon('blackboard_blue.png', $course_info['name'], array(), ICON_SIZE_LARGE);
+        $params['icon'] = Display::return_icon('blackboard_blue.png', api_htmlentities($course_info['name']), array(), ICON_SIZE_LARGE);
        $params['link'] = $session_url;
        $params['title'] = $session_title;

--- a/main/template/default/auth/courses_categories.php
+++ b/main/template/default/auth/courses_categories.php
@ -251,10 +251,10 @@ function display_thumbnail($course, $icon_title)
    echo '<div class="thumbnail">';
    if (api_get_setting('show_courses_descriptions_in_catalog') == 'true') {
        echo '<a class="ajax" href="'.api_get_path(WEB_CODE_PATH).'inc/ajax/course_home.ajax.php?a=show_course_information&amp;code='.$course['code'].'" title="'.$icon_title.'" rel="gb_page_center[778]">';
-        echo '<img src="'.$course_medium_image.'" alt="'.$title.'" />';
+        echo '<img src="'.$course_medium_image.'" alt="'.api_htmlentities($title).'" />';
        echo '</a>';
    } else {
-        echo '<img src="'.$course_medium_image.'" alt="'.$title.'"/>';
+        echo '<img src="'.$course_medium_image.'" alt="'.api_htmlentities($title).'"/>';
    }
    echo '</div>';  // thumbail
    echo '</div>';  // span2