[Fusionforge-commits] FusionForge branch master updated. e5a2f4baf329c2d58199fcd172e9e4209b27701c

Alain Peyrat aljeux at fusionforge.org
Thu Feb 6 16:23:29 CET 2014


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "FusionForge".

The branch, master has been updated
       via  e5a2f4baf329c2d58199fcd172e9e4209b27701c (commit)
      from  14b41ca00a59f52a1729a4df67668cdc994f57fe (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit e5a2f4baf329c2d58199fcd172e9e4209b27701c
Author: Alain Peyrat <alain.peyrat at alcatel-lucent.com>
Date:   Thu Feb 6 16:23:16 2014 +0100

    Fix Cannot save block when tracker name contains special html chars

diff --git a/src/plugins/blocks/www/index.php b/src/plugins/blocks/www/index.php
index aee2d2b..8d57c85 100644
--- a/src/plugins/blocks/www/index.php
+++ b/src/plugins/blocks/www/index.php
@@ -3,7 +3,7 @@
 /*
  * Copyright (C) 2006 Alain Peyrat, Alcatel-Lucent
  * Copyright (C) 2010 Alain Peyrat <aljeux at free.fr>
- * Copyright (C) 2012 Alain Peyrat - Alcatel-Lucent
+ * Copyright (C) 2012-2014 Alain Peyrat - Alcatel-Lucent
  *
  * This file is part of FusionForge.
  *
@@ -343,15 +343,15 @@ if ($type == 'admin') {
 			"</fieldset>";
 } elseif ($type == 'configure_post') {
 	$res = db_query_params('SELECT id FROM plugin_blocks WHERE group_id=$1 AND name=$2',
-			array($id,$name));
+			array($id, htmlspecialchars($name)));
 	if (db_numrows($res)== 0) {
 		db_query_params('INSERT INTO plugin_blocks (group_id, name, content)
 				VALUES ($1, $2, $3)',
-				array($id, $name, $body));
+				array($id, htmlspecialchars($name), $body));
 	} else {
 		db_query_params('UPDATE plugin_blocks SET content=$1
 				WHERE group_id=$2 AND name=$3',
-				array($body, $id, $name));
+				array($body, $id, htmlspecialchars($name)));
 	}
 	$msg = $name .' : '. _('Block configuration saved');
 	session_redirect('/plugins/blocks/index.php?id='.$id.'&type=admin&pluginname=blocks&feedback='.urlencode($msg));
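Review bot: In the configure_post branch, the three db_query_params() calls now store and match plugin_blocks.name as htmlspecialchars($name), so the database key depends on an output-encoding function, while $msg after the if/else still uses the raw $name. htmlspecialchars() is called without flags or a charset. Its default flags changed in PHP 8.1 to include single quotes, so a name saved under one PHP version may no longer match the SELECT or UPDATE under another. Suggest encoding once into a local variable with the flags and charset given explicitly, and passing that variable to all three calls. A short comment saying that block names are stored HTML-encoded, and why, would help, since the hunk does not show which code produces or reads the encoded form. It is also worth confirming that whatever renders plugin_blocks.name does not encode it a second time.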

-----------------------------------------------------------------------

Summary of changes:
 src/plugins/blocks/www/index.php |    8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)


hooks/post-receive
-- 
FusionForge


