
[#482] Sanitize headermenu entries in admin view

Date: 2012-07-26 09:32
Priority: 3
State: Closed
Submitted by: Marcel Baur (relish)
Assigned to: Franck Villaume (nerville)
Resolution: Accepted
Base branch: none
Target Release: 5.3
Summary: Sanitize headermenu entries in admin view

Detailed description
headermenu plugin data is not properly sanitized. Entries containing ">" or "<" characters screw up the HTML code of the headermenu admin view.

To reproduce, activate headermenu plugin and add an entry
URL: http://foo.bar
Displayed Name: <blink>Foo</blink> -> Bar
Description: <blink>Foo</blink> -> Bar

This patch adds htmlspecialchars() to shield from entries containing these characters.
It is against current head (rev 16038)
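
The fix described above, as an added example that is not the attached patch or FusionForge code: a hypothetical row renderer for one menu entry, shown without and with htmlspecialchars(), using the entry from the reproduction steps. The function names and the table layout are assumptions.

```php
<?php
// Added illustration; function names and row layout are hypothetical,
// not taken from FusionForge's headermenu plugin.

// Constructed sample entry, copied from the reproduction steps in the report.
$entry = [
    'url'         => 'http://foo.bar',
    'name'        => '<blink>Foo</blink> -> Bar',
    'description' => '<blink>Foo</blink> -> Bar',
];

// Before: stored values are concatenated straight into the markup,
// so "<" and ">" in an entry are parsed as tags by the browser.
function render_row_unescaped(array $e): string
{
    return '<tr><td><a href="' . $e['url'] . '">' . $e['name'] . '</a></td>'
         . '<td>' . $e['description'] . '</td></tr>';
}

// Encode a value for an HTML text node or a quoted attribute value.
// ENT_QUOTES also encodes single quotes, which the default flags
// did not do before PHP 8.1.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// After: every stored value is encoded at output time, so the entry
// is displayed as literal text and the surrounding table stays intact.
function render_row_escaped(array $e): string
{
    return '<tr><td><a href="' . h($e['url']) . '">' . h($e['name']) . '</a></td>'
         . '<td>' . h($e['description']) . '</td></tr>';
}

echo render_row_unescaped($entry), "\n";
echo render_row_escaped($entry), "\n";
```

htmlspecialchars() only encodes markup characters; whether a stored URL's scheme is acceptable in an href is a separate validation step not shown here.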
Message
Date: 2012-08-16 08:13
Sender: Franck Villaume

Thanks for the patch.
Fixed in trunk r16081

Attachments:
Size   Name                      Date              By      Download
1 KiB  headermenu_sanitize.diff  2012-07-26 09:32  relish  headermenu_sanitize.diff

Field        Old Value                      Date              By
status_id    Open                           2012-08-16 08:13  nerville
close_date   None                           2012-08-16 08:13  nerville
assigned_to  none                           2012-08-16 08:13  nerville
Resolution   None                           2012-08-16 08:13  nerville
File Added   272: headermenu_sanitize.diff  2012-07-26 09:32  relish