myexperiment-hackers
[myexperiment-hackers] [2394] trunk/app: Fix for case 98981 - javascript


From: noreply
Subject: [myexperiment-hackers] [2394] trunk/app: Fix for case 98981 - javascript injection in Pack name, reported by Jits.
Date: Tue, 27 Apr 2010 12:18:08 -0400 (EDT)

Revision
2394
Author
dtm
Date
2010-04-27 12:18:07 -0400 (Tue, 27 Apr 2010)

Log Message

Fix for case 98981 - javascript injection in Pack name, reported by Jits.
Fix for javascript injection in tooltips.

Modified Paths

Diff

Modified: trunk/app/helpers/application_helper.rb (2393 => 2394)


--- trunk/app/helpers/application_helper.rb	2010-04-27 15:41:01 UTC (rev 2393)
+++ trunk/app/helpers/application_helper.rb	2010-04-27 16:18:07 UTC (rev 2394)
@@ -390,7 +390,7 @@
       end
     when "Pack"
       if p = Pack.find(:first, :conditions => ["id = ?", contributableid])
-        return link ? link_to(p.title, pack_url(p)) : h(p.title)
+        return link ? link_to(h(p.title), pack_url(p)) : h(p.title)
       else
         return nil
       end
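Review bot: the escaping is added only to the `Pack` branch of this `case`, but the `end` at the top of the hunk closes a sibling branch, and Rails 2 `link_to` does not escape its name argument for any of them; if the other contributable branches use the same `link ? link_to(x.title, ...) : h(x.title)` shape they need `h(...)` inside `link_to` as well, otherwise the same injection remains reachable through a different title. A smaller point: `Pack.find(:first, :conditions => ["id = ?", contributableid])` is equivalent to `Pack.find_by_id(contributableid)`, which is easier to read and has the same nil-on-miss behaviour the `else` branch relies on.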
@@ -990,7 +990,7 @@
   end
   
   def tooltip_title_attrib(text, delay=200)
-    return "header=[] body=[#{text}] cssheader=[boxoverTooltipHeader] cssbody=[boxoverTooltipBody] delay=[#{delay}]"
+    return "header=[] body=[#{h(text)}] cssheader=[boxoverTooltipHeader] cssbody=[boxoverTooltipBody] delay=[#{delay}]"
   end
   
   # This method checks to see if the current user is allowed to approve a membership that is still pending approval
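Review bot: `h(text)` stops the value from breaking out of the HTML attribute, but it is probably not sufficient on its own for this line. The boxover syntax delimits fields with square brackets, and `h` does not touch `]`, so a `]` in `text` still closes `body=[` early and lets the rest of the string be parsed as further `key=[...]` directives; strip or replace `]` before interpolating. Also, the browser decodes `&lt;` back to `<` when it reads the attribute, so if boxover inserts the body into the tooltip with innerHTML, single HTML escaping is undone at that point and only the attribute boundary is protected; either strip tags or escape twice (`h(h(text))`) so that markup survives attribute decoding as inert text. `delay` is interpolated unescaped as well; `delay.to_i` pins it to an integer. Finally, any caller that already passes `h(...)`-escaped text will now render `&amp;lt;` literally, so the call sites should be audited with this change.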

Modified: trunk/app/views/group_announcements/index.rhtml (2393 => 2394)


--- trunk/app/views/group_announcements/index.rhtml	2010-04-27 15:41:01 UTC (rev 2393)
+++ trunk/app/views/group_announcements/index.rhtml	2010-04-27 16:18:07 UTC (rev 2394)
@@ -5,7 +5,7 @@
 <% end %>
 
 <h1>
-	<%= feed_icon_tag "Group address@hidden Announcements", formatted_group_announcements_path(@group, :rss) %>
+	<%= feed_icon_tag "Group #{h(@group.title)} Announcements", formatted_group_announcements_path(@group, :rss) %>
 	<%= @group.announcements_in_public_mode_for_user(current_user) ? "Public " : "All " -%> Group Announcements (<%= @announcements.length %>)
 	<br/>
 	<span style="font-size: 77%;">for group: <%= link_to_function h(@group.title) + expand_image, visual_effect(:toggle_blind, "group_box", :duration => 0.3) -%></span>
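Review bot: the removed line shows `Group address@hidden Announcements` in this archive because the list's address obfuscation has rewritten the `#{@group.title}` interpolation, so verify against the repository that the only change on this line is wrapping the title in `h(...)`. The fix assumes `feed_icon_tag` does not escape its title argument itself; if it does, the title will be double-escaped (`&amp;amp;` in the rendered feed link), so check the helper before merging. The `link_to_function h(@group.title)` two lines below already escaped the same value, so the view is now consistent.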

Modified: trunk/app/views/networks/_announcements.rhtml (2393 => 2394)


--- trunk/app/views/networks/_announcements.rhtml	2010-04-27 15:41:01 UTC (rev 2393)
+++ trunk/app/views/networks/_announcements.rhtml	2010-04-27 16:18:07 UTC (rev 2394)
@@ -6,7 +6,7 @@
 	
 	<p class="heading" style="margin: 0;">
 		<span style="position: relative; z-index: 1000; float: left;">
-			<%= feed_icon_tag "#{group.title} Group Announcements", formatted_group_announcements_path(group, :rss) -%>
+			<%= feed_icon_tag "#{h(group.title)} Group Announcements", formatted_group_announcements_path(group, :rss) -%>
 		</span>
 		<a name="group_announcements"></a>
 		<%= link_to "Announcements", group_announcements_url(group) -%>
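Review bot: this is the same caller-side escaping as in group_announcements/index.rhtml, which means two call sites now build the feed title by string interpolation and each has to remember to escape it. The more robust fix is for `feed_icon_tag` to escape the title itself, so a future caller cannot omit it; whichever side is chosen, exactly one of them should escape, so confirm what `feed_icon_tag` does with its first argument before merging.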
