tonyair/silverstripe-cms
1
0
Fork 0
mirror of https://github.com/silverstripe/silverstripe-cms synced 2024-10-22 06:05:56 +00:00
Code Issues Projects Releases Wiki Activity

BUGFIX: Escape username and password when printed out in install success screen. FIXES: #6652 (via ash).

Browse Source
This commit is contained in:
Will Rossiter 2011-06-06 12:53:47 +12:00
parent 2a13fa2b85
commit e3ad632231
1 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
code/controller/ContentController.php
View File

@ -445,8 +445,8 @@ HTML;
$title = new Varchar("Title"); $title = new Varchar("Title");
$content = new HTMLText("Content"); $content = new HTMLText("Content");
$username = Session::get('username'); $username = Convert::raw2xml(Session::get('username'));
$password = Session::get('password'); $password = Convert::raw2xml(Session::get('password'));
$title->setValue("Installation Successful"); $title->setValue("Installation Successful");
global $project; global $project;
$tutorialOnly = ($project == 'tutorial') ? "<p>This website is a simplistic version of a SilverStripe 2 site. To extend this, please take a look at <a href=\"http://doc.silverstripe.org/doku.php?id=tutorials\">our new tutorials</a>.</p>" : ''; $tutorialOnly = ($project == 'tutorial') ? "<p>This website is a simplistic version of a SilverStripe 2 site. To extend this, please take a look at <a href=\"http://doc.silverstripe.org/doku.php?id=tutorials\">our new tutorials</a>.</p>" : '';
@ -474,8 +474,8 @@ HTML
$title = new Varchar("Title"); $title = new Varchar("Title");
$content = new HTMLText("Content"); $content = new HTMLText("Content");
$tempcontent = ''; $tempcontent = '';
$username = Session::get('username'); $username = Convert::raw2xml(Session::get('username'));
$password = Session::get('password'); $password = Convert::raw2xml(Session::get('password'));
// We can't delete index.php as it might be necessary for URL routing without mod_rewrite. // We can't delete index.php as it might be necessary for URL routing without mod_rewrite.
// There's no safe way to detect usage of mod_rewrite across webservers, // There's no safe way to detect usage of mod_rewrite across webservers,