- fix: XSS Vulnerability in WikiPage titles

- Deprecated the random array function in WebGUI::Utility in favor of 
   List::Util per the WebGUI Best Practices.
JT Smith 2007-01-17 05:23:03 +00:00
parent 945be4a2de
commit e42a744ed9
7 changed files with 38 additions and 19 deletions


@ -777,7 +777,6 @@ sub postProcess {
if ($self->getThread->getParent->get("addEditStampToPosts")) {
$data{content} .= "<p>\n\n --- (".$i18n->get('Edited_on')." ".$self->session->datetime->epochToHuman(undef,"%z %Z [GMT%O]")." ".$i18n->get('By')." ".$user->profileField("alias").") --- \n</p>";
}
$data{title} = WebGUI::HTML::filter($self->get("title"), "all");
$data{url} = $self->fixUrl($self->getThread->get("url")."/1") if ($self->isReply && $self->isNew);
$data{groupIdView} = $self->getThread->getParent->get("groupIdView");
$data{groupIdEdit} = $self->getThread->getParent->get("groupIdEdit");
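Review bot: The hunk header (7 old lines, 6 new) says one line is dropped from postProcess, and the only title sanitisation visible here is `$data{title} = WebGUI::HTML::filter($self->get("title"), "all");`. If that is the dropped line, post titles stay free of markup only if a shared code path now filters them, which none of the sections shown confirms. The same applies to `title => WebGUI::HTML::filter($self->get("title"), "all"),` in processPropertiesFromFormPost in the next section. I would add a comment at each site naming where the title is now filtered, e.g. `# title is HTML-filtered in <shared method>; not repeated here`, plus a regression test that saves a title containing markup and asserts the stored value is plain text. Separately, `$user->profileField("alias")` is concatenated into the edit-stamp HTML as-is; unless aliases are escaped when saved, wrap it as `WebGUI::HTML::filter($user->profileField("alias"), "all")`. postProcess starts and ends outside the hunk.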


@ -239,7 +239,6 @@ sub processPropertiesFromFormPost {
isHidden => 1,
actionTakenBy => $self->session->user->userId,
actionTaken => $actionTaken,
title => WebGUI::HTML::filter($self->get("title"), "all"),
});
if ($self->getWiki->canAdminister) {


@ -12,6 +12,7 @@ package WebGUI::Asset::Wobject::Poll;
#-------------------------------------------------------------------
use strict;
use List::Util;
use WebGUI::Form;
use WebGUI::International;
use WebGUI::SQL;
@ -382,7 +383,7 @@ sub view {
push(@labels, $self->get('a'.$i));
}
}
randomizeArray(\@answers) if ($self->get("randomizeAnswers"));
@answers = List::Util::shuffle(@answers) if ($self->get("randomizeAnswers"));
$var{answer_loop} = \@answers;
if ($self->getValue('generateGraph')) {
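Review bot: `use List::Util;` with no import list brings nothing into the package, which is clear only to readers who know the module exports nothing by default. Since the call is fully qualified as `List::Util::shuffle(@answers)`, `use List::Util ();` states that intent, or `use List::Util qw(shuffle);` lets the call read `shuffle(@answers)`. The same pair of lines appears in the Survey section for getRandomQuestionIds. Both view and getRandomQuestionIds start outside their hunks, so I cannot tell whether another call to `randomizeArray` remains in either file.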


@ -11,6 +11,7 @@ package WebGUI::Asset::Wobject::Survey;
#-------------------------------------------------------------------
use strict;
use List::Util;
use Tie::CPHash;
use WebGUI::HTMLForm;
use WebGUI::International;
@ -454,7 +455,7 @@ sub getRandomQuestionIds {
$where .= " and Survey_questionId not in (".$self->session->db->quoteAndJoin(\@usedQuestionIds).")";
}
my @questions = $self->session->db->buildArray("select Survey_questionId from Survey_question".$where);
randomizeArray(\@questions);
@questions = List::Util::shuffle(@questions);
return @questions;
}