Revision
2394
Author
dtm
Date
2010-04-27 12:18:07 -0400 (Tue, 27 Apr 2010)
Log Message
Fix for case 98981 - javascript injection in Pack name, reported by Jits.
Fix for javascript injection in tooltips.
Modified Paths
* trunk/app/helpers/application_helper.rb
<#trunkapphelpersapplication_helperrb>
* trunk/app/views/group_announcements/index.rhtml
<#trunkappviewsgroup_announcementsindexrhtml>
* trunk/app/views/networks/_announcements.rhtml
<#trunkappviewsnetworks_announcementsrhtml>
Diff
Modified: trunk/app/helpers/application_helper.rb (2393 => 2394)
--- trunk/app/helpers/application_helper.rb 2010-04-27 15:41:01 UTC (rev
2393)
+++ trunk/app/helpers/application_helper.rb 2010-04-27 16:18:07 UTC (rev
2394)
@@ -390,7 +390,7 @@
end
when "Pack"
if p = Pack.find(:first, :conditions => ["id = ?", contributableid])
- return link ? link_to(p.title, pack_url(p)) : h(p.title)
+ return link ? link_to(h(p.title), pack_url(p)) : h(p.title)
else
return nil
end
@@ -990,7 +990,7 @@
end
def tooltip_title_attrib(text, delay=200)
- return "header=[] body=[#{text}] cssheader=[boxoverTooltipHeader]
cssbody=[boxoverTooltipBody] delay=[#{delay}]"
+ return "header=[] body=[#{h(text)}] cssheader=[boxoverTooltipHeader]
cssbody=[boxoverTooltipBody] delay=[#{delay}]"
end
# This method checks to see if the current user is allowed to approve a
membership that is still pending approval
Modified: trunk/app/views/group_announcements/index.rhtml
(2393 => 2394)
--- trunk/app/views/group_announcements/index.rhtml 2010-04-27 15:41:01 UTC
(rev 2393)
+++ trunk/app/views/group_announcements/index.rhtml 2010-04-27 16:18:07 UTC
(rev 2394)
@@ -5,7 +5,7 @@
<% end %>
<h1>
- <%= feed_icon_tag "Group address@hidden Announcements",
formatted_group_announcements_path(@group, :rss) %>
+ <%= feed_icon_tag "Group #{h(@group.title)} Announcements",
formatted_group_announcements_path(@group, :rss) %>
<%= @group.announcements_in_public_mode_for_user(current_user) ? "Public " : "All
" -%> Group Announcements (<%= @announcements.length %>)
<br/>
<span style="font-size: 77%;">for group: <%= link_to_function h(@group.title) + expand_image,
visual_effect(:toggle_blind, "group_box", :duration => 0.3) -%></span>
Modified: trunk/app/views/networks/_announcements.rhtml (2393
=> 2394)
--- trunk/app/views/networks/_announcements.rhtml 2010-04-27 15:41:01 UTC
(rev 2393)
+++ trunk/app/views/networks/_announcements.rhtml 2010-04-27 16:18:07 UTC
(rev 2394)
@@ -6,7 +6,7 @@
<p class="heading" style="margin: 0;">
<span style="position: relative; z-index: 1000; float: left;">
- <%= feed_icon_tag "#{group.title} Group Announcements",
formatted_group_announcements_path(group, :rss) -%>
+ <%= feed_icon_tag "#{h(group.title)} Group Announcements",
formatted_group_announcements_path(group, :rss) -%>
</span>
<a name="group_announcements"></a>
<%= link_to "Announcements", group_announcements_url(group) -%>
------------------------------------------------------------------------
_______________________________________________
myexperiment-hackers mailing list
address@hidden
http://lists.nongnu.org/mailman/listinfo/myexperiment-hackers