[interchange-cvs] interchange - heins modified code/Widget/country_select.widget

interchange-cvs at icdevgroup.org
Fri Jul 18 21:00:27 UTC 2008


User:      heins
Date:      2008-07-18 21:00:27 GMT
Modified:  code/Widget Tag: STABLE_5_6-branch country_select.widget
Log:
* Prevent cross-site scripting problem. Found and fixed by Josh Lavin
  of Perusion.

Revision  Changes    Path
1.10.2.1             interchange/code/Widget/country_select.widget


rev 1.10.2.1, prev_rev 1.10
Index: country_select.widget
===================================================================
RCS file: /var/cvs/interchange/code/Widget/country_select.widget,v
retrieving revision 1.10
retrieving revision 1.10.2.1
diff -u -r1.10 -r1.10.2.1
--- country_select.widget	30 Mar 2007 23:40:58 -0000	1.10
+++ country_select.widget	18 Jul 2008 21:00:27 -0000	1.10.2.1
@@ -5,7 +5,7 @@
 # the Free Software Foundation; either version 2 of the License, or
 # (at your option) any later version.  See the LICENSE file for details.
 # 
-# $Id: country_select.widget,v 1.10 2007-03-30 23:40:58 pajamian Exp $
+# $Id: country_select.widget,v 1.10.2.1 2008-07-18 21:00:27 mheins Exp $
 
 CodeDef state_select  Widget  1
 CodeDef state_select  Description State (needs country_select)
@@ -246,6 +246,7 @@
 EOF
 
 	my $sval = $CGI::values{$svar} || $::Values->{$svar};
+	$sval = HTML::Entities::encode($sval, $ESCAPE_CHARS::std);
 	$sval = $Tag->jsq($sval) || "''";
 	my $fname = $opt->{form_name} || 'nevairbe';
 
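Review bot: On the added `HTML::Entities::encode` line, the value is HTML-entity-encoded and then handed to `$Tag->jsq` on the next line, so it is headed for a JavaScript string, and the two encoders answer to different output contexts. If that string is emitted inside a `<script>` block, the browser does not decode entities there, so a legitimate value containing any character covered by `$ESCAPE_CHARS::std` reaches the script in its encoded form and may no longer compare equal to the state values it is matched against. In that context the protection rests on `jsq` escaping quotes, backslashes and a closing script tag, which this hunk does not show. Suggest a short comment on the new line naming the output context the encoding targets and confirming that `jsq` covers the JavaScript-string case. The same question applies to `$fname`, taken from `$opt->{form_name}` on the following line with no encoding visible here.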






