[Fusionforge-commits] FusionForge branch master updated. e5a2f4baf329c2d58199fcd172e9e4209b27701c
Alain Peyrat
aljeux at fusionforge.org
Thu Feb 6 16:23:29 CET 2014
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "FusionForge".
The branch, master has been updated
via e5a2f4baf329c2d58199fcd172e9e4209b27701c (commit)
from 14b41ca00a59f52a1729a4df67668cdc994f57fe (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit e5a2f4baf329c2d58199fcd172e9e4209b27701c
Author: Alain Peyrat <alain.peyrat at alcatel-lucent.com>
Date: Thu Feb 6 16:23:16 2014 +0100
Fix Cannot save block when tracker name contains special html chars
diff --git a/src/plugins/blocks/www/index.php b/src/plugins/blocks/www/index.php
index aee2d2b..8d57c85 100644
--- a/src/plugins/blocks/www/index.php
+++ b/src/plugins/blocks/www/index.php
@@ -3,7 +3,7 @@
/*
* Copyright (C) 2006 Alain Peyrat, Alcatel-Lucent
* Copyright (C) 2010 Alain Peyrat <aljeux at free.fr>
- * Copyright (C) 2012 Alain Peyrat - Alcatel-Lucent
+ * Copyright (C) 2012-2014 Alain Peyrat - Alcatel-Lucent
*
* This file is part of FusionForge.
*
@@ -343,15 +343,15 @@ if ($type == 'admin') {
"</fieldset>";
} elseif ($type == 'configure_post') {
$res = db_query_params('SELECT id FROM plugin_blocks WHERE group_id=$1 AND name=$2',
- array($id,$name));
+ array($id, htmlspecialchars($name)));
if (db_numrows($res)== 0) {
db_query_params('INSERT INTO plugin_blocks (group_id, name, content)
VALUES ($1, $2, $3)',
- array($id, $name, $body));
+ array($id, htmlspecialchars($name), $body));
} else {
db_query_params('UPDATE plugin_blocks SET content=$1
WHERE group_id=$2 AND name=$3',
- array($body, $id, $name));
+ array($body, $id, htmlspecialchars($name)));
}
$msg = $name .' : '. _('Block configuration saved');
session_redirect('/plugins/blocks/index.php?id='.$id.'&type=admin&pluginname=blocks&feedback='.urlencode($msg));
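Review bot: The three added `htmlspecialchars($name)` calls rely on the function's default flags, so the value used as the lookup key in the SELECT, INSERT and UPDATE depends on the PHP version: before 8.1 the default leaves single quotes unencoded, from 8.1 on it encodes them. A block name containing a quote could therefore stop matching its stored row after an upgrade. Computing the key once and reusing it in all three queries avoids that, e.g. `$key = htmlspecialchars($name, ENT_QUOTES, 'UTF-8');`, with the flags chosen to match whatever code generates the block names, which is not visible in this hunk. The unchanged `$msg = $name .' : '. ...` line still passes the raw name into the `feedback` parameter, so it is worth confirming that the page rendering `feedback` escapes it on output. The enclosing `if`/`elseif` chain starts before this hunk and continues after it.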
-----------------------------------------------------------------------
Summary of changes:
src/plugins/blocks/www/index.php | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
hooks/post-receive
--
FusionForge