tonyair/silverstripe-framework
1
0
Fork 0
mirror of https://github.com/silverstripe/silverstripe-framework synced 2024-10-22 12:05:37 +00:00
Code Issues Projects Releases Wiki Activity

#2135 - Disallow XSS bug in development RestfulService use

Browse Source 
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@65287 467b73ca-7a2a-4603-9d3b-597d59a354a9
This commit is contained in:
Sam Minnee 2008-11-05 05:04:32 +00:00
parent f3419bf046
commit 486ae69f09
2 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
dev/Debug.php
View File

@ -532,9 +532,9 @@ class Debug {
} else { } else {
$name = self::full_func_name($item,true); $name = self::full_func_name($item,true);
} }
$result .= "<li><b>" . $name . "</b>\n<br />\n"; $result .= "<li><b>" . htmlentities($name) . "</b>\n<br />\n";
$result .= isset($item['line']) ? "Line $item[line] of " : ''; $result .= isset($item['line']) ? "Line $item[line] of " : '';
$result .= isset($item['file']) ? basename($item['file']) : ''; $result .= isset($item['file']) ? htmlentities(basename($item['file'])) : '';
$result .= "</li>\n"; $result .= "</li>\n";
} }
} }

4
dev/DebugView.php
View File

@ -96,8 +96,8 @@ class DebugView {
*/ */
public function writeInfo($title, $subtitle, $description=false) { public function writeInfo($title, $subtitle, $description=false) {
echo '<div class="info">'; echo '<div class="info">';
echo "<h1>$title</h1>"; echo "<h1>" . Convert::raw2xml($title) . "</h1>";
echo "<h3>$subtitle</h3>"; echo "<h3>" . Convert::raw2xml($subtitle) . "</h3>";
if ($description) { if ($description) {
echo "<p>$description</p>"; echo "<p>$description</p>";
} else { } else {