[interchange-cvs] interchange - heins modified code/Widget/country_select.widget
interchange-cvs at icdevgroup.org
Fri Jul 18 21:00:27 UTC 2008
User: heins
Date: 2008-07-18 21:00:27 GMT
Modified: code/Widget Tag: STABLE_5_6-branch country_select.widget
Log:
* Prevent cross-site scripting problem. Found and fixed by Josh Lavin
of Perusion.
Revision Changes Path
No revision
No revision
1.10.2.1 interchange/code/Widget/country_select.widget
rev 1.10.2.1, prev_rev 1.10
Index: country_select.widget
===================================================================
RCS file: /var/cvs/interchange/code/Widget/country_select.widget,v
retrieving revision 1.10
retrieving revision 1.10.2.1
diff -u -r1.10 -r1.10.2.1
--- country_select.widget 30 Mar 2007 23:40:58 -0000 1.10
+++ country_select.widget 18 Jul 2008 21:00:27 -0000 1.10.2.1
@@ -5,7 +5,7 @@
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version. See the LICENSE file for details.
#
-# $Id: country_select.widget,v 1.10 2007-03-30 23:40:58 pajamian Exp $
+# $Id: country_select.widget,v 1.10.2.1 2008-07-18 21:00:27 mheins Exp $
CodeDef state_select Widget 1
CodeDef state_select Description State (needs country_select)
@@ -246,6 +246,7 @@
EOF
my $sval = $CGI::values{$svar} || $::Values->{$svar};
+ $sval = HTML::Entities::encode($sval, $ESCAPE_CHARS::std);
$sval = $Tag->jsq($sval) || "''";
my $fname = $opt->{form_name} || 'nevairbe';
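Review bot: The added HTML::Entities::encode call on $sval has no comment saying which output context it protects, and it runs before $Tag->jsq, so the value is entity-encoded first and only then quoted for script. Please add a one-line comment stating where $sval ends up in the generated page, and confirm that a legitimate state value containing a character covered by $ESCAPE_CHARS::std still matches its option after encoding, since the script would then see the entity form rather than the original text. The definition of $ESCAPE_CHARS::std is not visible in this hunk, so naming the characters it covers in that comment would make the fix easier to audit. Also worth checking on the next line: $fname comes from $opt->{form_name} with no encoding shown here, so if it is written into the same output it should get the same treatment.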