backport from 3.3-TESTING to fix XSS on ticket lists
author
ivan
<ivan>
Mon, 20 Dec 2004 11:29:16 +0000
(11:29 +0000)
committer
ivan
<ivan>
Mon, 20 Dec 2004 11:29:16 +0000
(11:29 +0000)
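--- a/rt/html/Elements/CollectionAsTable/Row
+++ b/rt/html/Elements/CollectionAsTable/Row
@@ -54,9 +54,16 @@
 foreach my $column (@Format) {
 my $value = $m->comp('/Elements/RT__Ticket/ColumnMap', Name => $col, Attr => 'value');
 if ( $value && ref($value)) {
-$m->out( &{ $value } ( $record, $i ) );
+# All HTML snippets are returned by the callback function
+# as scalar references. Data fetched from the objects are
+# plain scalars, and needs to be escaped properly.
+$m->out(
+map { ref($_) ? $$_ : $m->interp->apply_escapes( $_ => 'h' ) }
+&{ $value } ( $record, $i )
+);
 } else {
+# Simple value; just escape it.
+$m->out( $m->interp->apply_escapes( $value => 'h' ) );
 }
 }
 else {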
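Review bot: The trust test in the added `map` block is broader than the comment above it states: `ref($_)` is true for any reference, so an array, hash or code reference returned by a ColumnMap callback would be treated as pre-rendered HTML, and `$$_` would then die with "Not a SCALAR reference" rather than escaping it. Since the comment says the raw-HTML contract is specifically scalar references, narrowing the check makes the escaping the default for everything else: `map { ref($_) eq 'SCALAR' ? $$_ : $m->interp->apply_escapes( $_ => 'h' ) }`. It would also help future maintainers to note next to the branch that `apply_escapes( ... => 'h' )` is HTML-body escaping only, so a ColumnMap callback that places a value inside an attribute or script context still has to escape for that context itself. The `foreach` loop that encloses this hunk, and the trailing `else {` block, both continue outside the hunk.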