[Fusionforge-commits] FusionForge branch Branch_5_3 updated. 770ec86c8221d63fbd0961c5001d34f6e92599b5

Franck VILLAUME nerville at fusionforge.org
Sun Feb 9 13:59:26 CET 2014


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "FusionForge".

The branch, Branch_5_3 has been updated
       via  770ec86c8221d63fbd0961c5001d34f6e92599b5 (commit)
      from  58750f0d1009832dd3ef824791c878e64572b7d9 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 770ec86c8221d63fbd0961c5001d34f6e92599b5
Author: Alain Peyrat <alain.peyrat at alcatel-lucent.com>
Date:   Thu Feb 6 16:23:16 2014 +0100

    Fix Cannot save block when tracker name contains special html chars

diff --git a/src/plugins/blocks/www/index.php b/src/plugins/blocks/www/index.php
index fd9b20b..901da6e 100644
--- a/src/plugins/blocks/www/index.php
+++ b/src/plugins/blocks/www/index.php
@@ -3,7 +3,7 @@
 /*
  * Copyright (C) 2006 Alain Peyrat, Alcatel-Lucent
  * Copyright (C) 2010 Alain Peyrat <aljeux at free.fr>
- * Copyright (C) 2012 Alain Peyrat - Alcatel-Lucent
+ * Copyright (C) 2012-2014 Alain Peyrat - Alcatel-Lucent
  *
  * This file is part of FusionForge.
  *
@@ -343,15 +343,15 @@ if ($type == 'admin') {
 			"</fieldset>";
 } elseif ($type == 'configure_post') {
 	$res = db_query_params('SELECT id FROM plugin_blocks WHERE group_id=$1 AND name=$2',
-			array($id,$name));
+			array($id, htmlspecialchars($name)));
 	if (db_numrows($res)== 0) {
 		db_query_params('INSERT INTO plugin_blocks (group_id, name, content)
 				VALUES ($1, $2, $3)',
-				array($id, $name, $body));
+				array($id, htmlspecialchars($name), $body));
 	} else {
 		db_query_params('UPDATE plugin_blocks SET content=$1
 				WHERE group_id=$2 AND name=$3',
-				array($body, $id, $name));
+				array($body, $id, htmlspecialchars($name)));
 	}
 	$msg = $name .' : '. _('Block configuration saved');
 	session_redirect('/plugins/blocks/index.php?id='.$id.'&type=admin&pluginname=blocks&feedback='.urlencode($msg));
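Review bot: In the configure_post branch, htmlspecialchars($name) is now evaluated separately in the SELECT, the INSERT and the UPDATE, each time with the default flags. Compute it once into a local before the SELECT and pass that variable to all three db_query_params calls, so the lookup key and the stored key cannot drift apart if one call is edited later. A one-line comment saying why the name column holds the HTML-encoded form would also help, since encoding a value before using it as a lookup key is unusual and the reason is not visible in this hunk. Separately, the unchanged $msg line still concatenates the raw $name into the feedback parameter. urlencode() only makes it safe for the URL, so please confirm that the page rendering feedback HTML-escapes it on output, given that this fix is specifically about names containing special HTML characters.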

-----------------------------------------------------------------------

Summary of changes:
 src/plugins/blocks/www/index.php |    8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)


hooks/post-receive
-- 
FusionForge


