[Fusionforge-commits] FusionForge branch Branch_5_3 updated. 770ec86c8221d63fbd0961c5001d34f6e92599b5
Franck VILLAUME
nerville at fusionforge.org
Sun Feb 9 13:59:26 CET 2014
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "FusionForge".
The branch, Branch_5_3 has been updated
via 770ec86c8221d63fbd0961c5001d34f6e92599b5 (commit)
from 58750f0d1009832dd3ef824791c878e64572b7d9 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 770ec86c8221d63fbd0961c5001d34f6e92599b5
Author: Alain Peyrat <alain.peyrat at alcatel-lucent.com>
Date: Thu Feb 6 16:23:16 2014 +0100
Fix Cannot save block when tracker name contains special html chars
diff --git a/src/plugins/blocks/www/index.php b/src/plugins/blocks/www/index.php
index fd9b20b..901da6e 100644
--- a/src/plugins/blocks/www/index.php
+++ b/src/plugins/blocks/www/index.php
@@ -3,7 +3,7 @@
/*
* Copyright (C) 2006 Alain Peyrat, Alcatel-Lucent
* Copyright (C) 2010 Alain Peyrat <aljeux at free.fr>
- * Copyright (C) 2012 Alain Peyrat - Alcatel-Lucent
+ * Copyright (C) 2012-2014 Alain Peyrat - Alcatel-Lucent
*
* This file is part of FusionForge.
*
@@ -343,15 +343,15 @@ if ($type == 'admin') {
"</fieldset>";
} elseif ($type == 'configure_post') {
$res = db_query_params('SELECT id FROM plugin_blocks WHERE group_id=$1 AND name=$2',
- array($id,$name));
+ array($id, htmlspecialchars($name)));
if (db_numrows($res)== 0) {
db_query_params('INSERT INTO plugin_blocks (group_id, name, content)
VALUES ($1, $2, $3)',
- array($id, $name, $body));
+ array($id, htmlspecialchars($name), $body));
} else {
db_query_params('UPDATE plugin_blocks SET content=$1
WHERE group_id=$2 AND name=$3',
- array($body, $id, $name));
+ array($body, $id, htmlspecialchars($name)));
}
$msg = $name .' : '. _('Block configuration saved');
session_redirect('/plugins/blocks/index.php?id='.$id.'&type=admin&pluginname=blocks&feedback='.urlencode($msg));
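Review bot: The three `htmlspecialchars($name)` calls in the `configure_post` branch rely on PHP's default flags and charset, so the value used as the lookup key in `plugin_blocks.name` depends on the runtime: the default charset changed in PHP 5.4 and the default quote flags in PHP 8.1, and a name containing a single quote would be encoded differently before and after such an upgrade and stop matching its existing row. I would encode once with explicit arguments, e.g. `$block_name = htmlspecialchars($name, ENT_COMPAT, 'UTF-8');` placed before the SELECT, and pass `$block_name` to all three queries; the flags must match whatever the code that reads the block uses, which is not visible in this hunk. A short comment such as `// plugin_blocks.name holds the HTML-encoded name, keep in sync with the reader` would record why a display encoding is applied on the storage side. Separately, `$msg` still carries the raw `$name` into the `feedback` query parameter, so the page that renders `feedback` has to escape it on output; that code, like the start of this `if`/`elseif` chain, lies outside the hunk.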
-----------------------------------------------------------------------
Summary of changes:
src/plugins/blocks/www/index.php | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
hooks/post-receive
--
FusionForge