oqapi/webgui
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fixed: Cross site scripting issue on operation pages

Browse source
This commit is contained in:
Graham Knop 2008-10-06 15:49:30 +00:00
parent a877a505c4
commit d37ded3ddc
2 changed files with 3 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

1
docs/changelog/7.x.x.txt
View file

@ -20,6 +20,7 @@
- fixed: testEnvironment.pl can't find WebGUI modules after installing a prerequisite
- fixed: Combo box does not show possible values in Thingy (SDH Consulting
Group)
- fixed: Cross site scripting issue on operation pages
7.6.0
- added: users may now customize the post received page for the CS

4
lib/WebGUI/Session/Url.pm
View file

@ -437,8 +437,8 @@ sub page {
if ($useFullUrl) {
$url = $self->getSiteURL();
}
my $path = $self->session->asset ? $self->session->asset->get("url") : $self->getRequestedUrl;
$url .= $self->gateway($path, $pairs, $skipPreventProxyCache);
my $path = $self->session->asset ? $self->session->asset->get("url") : $self->escape($self->getRequestedUrl);
$url .= $self->gateway($path, $pairs, $skipPreventProxyCache);
return $url;
}