BUGFIX: Removed XSS holes (from r94821)

Tom Rix 2010-03-01 21:41:49 +00:00
parent bdf07e05c0
commit 9e17ce98aa
2 changed files with 4 additions and 4 deletions


@ -99,10 +99,10 @@ class GroupSubsites extends DataObjectDecorator implements PermissionProvider {
*/
function alternateTreeTitle() {
if($this->owner->AccessAllSubsites) {
return $this->owner->Title . ' <i>(global group)</i>';
return htmlspecialchars($this->owner->Title, ENT_QUOTES) . ' <i>(global group)</i>';
} else {
$subsites = Convert::raw2xml(implode(", ", $this->owner->Subsites()->column('Title')));
return $this->owner->Title . " <i>($subsites)</i>";
return htmlspecialchars($this->owner->Title) . " <i>($subsites)</i>";
}
}
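Review bot: The two branches of alternateTreeTitle() escape the title differently: the global-group branch passes `ENT_QUOTES`, but the else branch calls `htmlspecialchars($this->owner->Title)` with default flags, which on PHP versions where the default is ENT_COMPAT leaves single quotes unescaped. I would make the second call match the first, `return htmlspecialchars($this->owner->Title, ENT_QUOTES) . " <i>($subsites)</i>";`, so the result is safe in either quoting context. The line above already escapes the subsite list with `Convert::raw2xml`, so using one helper for both values in this method would also be more consistent. Since the method now returns HTML rather than raw text, the docblock (it starts outside the hunk) should say so, for example `@return string HTML-escaped title followed by an <i> suffix`, so callers do not escape it a second time.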


@ -20,7 +20,7 @@ class LeftAndMainSubsites extends Extension {
*/
function getCMSTreeTitle() {
$subsite = Subsite::currentSubSite();
return $subsite ? $subsite->Title : null;
return $subsite ? htmlspecialchars($subsite->Title, ENT_QUOTES) : 'Site Content';
}
function updatePageOptions(&$fields) {
@ -99,7 +99,7 @@ class LeftAndMainSubsites extends Extension {
foreach($list as $subsite) {
$selected = $subsite->ID == $currentSubsiteID ? ' selected="selected"' : '';
$output .= "\n<option value=\"{$subsite->ID}\"$selected>{$subsite->Title}</option>";
$output .= "\n<option value=\"{$subsite->ID}\"$selected>".htmlspecialchars($subsite->Title, ENT_QUOTES)."</option>";
}
$output .= '</select>';
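Review bot: getCMSTreeTitle() changes its contract in two ways that the XSS fix does not require and the docblock does not record: it now returns pre-escaped HTML, and the no-subsite case returns the hard-coded string 'Site Content' instead of null. I would add a line such as `@return string HTML-escaped subsite title, or 'Site Content' when no subsite is current` to the docblock, which begins outside the hunk. Any caller that tested the result for null or escapes it again lies outside the visible lines and would need checking. In the option loop, `{$subsite->ID}` is still interpolated into the `value` attribute unescaped; it is presumably an integer key, and `(int)$subsite->ID` would make that explicit. The enclosing function of that loop starts and ends outside the hunk.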