input sanitation issues on multiple form field inputs

Comments (3)

christopher hernandez reporter

also, this is the current version in the virtual appliance build 0.1.24-master-branch build 836

Janos SUTO repo owner

Sure, send the details to me, see my address in "piler -V" output.

Janos SUTO repo owner

It appears that there's indeed an xss issue. To fix it do the following:

#1. Edit system/misc.php, and locate the AUDIT() function definition, then add the following line:

$description = htmlspecialchars($description);

before this line:

$query = $db->query("INSERT ...

#2. Edit both view/theme/default/templates/search/load.tpl and view/theme/mobile/templates/search/load.tpl, and replace

print $s['search'];

with

print htmlspecialchars($s['search']);

Or you may upgrade to the master branch.

christopher hernandez reporter
also, this is the current version in the virtual appliance build 0.1.24-master-branch build 836
- 2014-08-08T19:44:53+00:00
Janos SUTO repo owner
Sure, send the details to me, see my address in "piler -V" output.
- 2014-08-08T19:47:55+00:00
Janos SUTO repo owner
- changed status to resolved
It appears that there's indeed an xss issue. To fix it do the following:

#1. Edit system/misc.php, and locate the AUDIT() function definition, then add the following line:
```
$description = htmlspecialchars($description);
```
before this line:
```
$query = $db->query("INSERT ...
```
#2. Edit both view/theme/default/templates/search/load.tpl and view/theme/mobile/templates/search/load.tpl, and replace
```
print $s['search'];
```
with
```
print htmlspecialchars($s['search']);
```
Or you may upgrade to the master branch.
- 2014-08-11T08:38:48+00:00
Log in to comment