fixed XSS in user name and project name properties
parent
e1d68bece7
commit
6b015d3106
|
@ -7,7 +7,7 @@
|
|||
<div class="col-lg-3">
|
||||
<ul class="nav nav-pills nav-stacked">
|
||||
<li><a href="<?= PHPCI_URL ?>"><i class="icon-home"></i> Dashboard</a></li>
|
||||
<li><a href="<?= PHPCI_URL ?>project/view/<?php print $build->getProject()->getId(); ?>"><i class="icon-folder-open"></i> <?php print $build->getProject()->getTitle(); ?></a></li>
|
||||
<li><a href="<?= PHPCI_URL ?>project/view/<?php print $build->getProject()->getId(); ?>"><i class="icon-folder-open"></i> <?php print htmlspecialchars($build->getProject()->getTitle()); ?></a></li>
|
||||
</ul>
|
||||
<h5>Options</h5>
|
||||
<ul class="nav nav-pills nav-stacked">
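Review bot: The `htmlspecialchars()` call added on the project-title link relies on the default flags and charset, which depend on the PHP version: before 8.1 single quotes are not escaped, and before 5.4 the default charset is not UTF-8. The title is printed as element text here, so the defaults are enough for this spot. Spelling it out as `htmlspecialchars($build->getProject()->getTitle(), ENT_QUOTES, 'UTF-8')` keeps the call safe if the value is later reused inside an attribute. The same applies to every other `htmlspecialchars()` call in this commit; a small shared escape helper in the view layer would keep them consistent.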
|
||||
|
|
|
@ -41,7 +41,7 @@ switch($build->getStatus())
|
|||
<td><a href="<?= PHPCI_URL ?>project/view/<?php print $build->getProjectId(); ?>">
|
||||
<?php
|
||||
if (is_object($build->getProject())) {
|
||||
print $build->getProject()->getTitle();
|
||||
print htmlspecialchars($build->getProject()->getTitle());
|
||||
} else {
|
||||
print ' - ';
|
||||
}
|
||||
|
|
|
@ -11,7 +11,7 @@
|
|||
<h5>Projects</h5>
|
||||
<ul class="nav nav-pills nav-stacked">
|
||||
<?php foreach($projects as $project): ?>
|
||||
<li><a href="<?= PHPCI_URL ?>project/view/<?php print $project->getId(); ?>"><?php print $project->getTitle(); ?></a></li>
|
||||
<li><a href="<?= PHPCI_URL ?>project/view/<?php print $project->getId(); ?>"><?php print htmlspecialchars($project->getTitle()); ?></a></li>
|
||||
<?php endforeach; ?>
|
||||
</ul>
|
||||
<?php endif; ?>
|
||||
|
|
|
@ -1,12 +1,12 @@
|
|||
<div id="title">
|
||||
<h1>Project: <?php print (is_object($project)) ? $project->getTitle() : ' - '; ?></h1>
|
||||
<h1>Project: <?php print (is_object($project)) ? htmlspecialchars($project->getTitle()) : ' - '; ?></h1>
|
||||
</div>
|
||||
|
||||
<div class="row">
|
||||
<div class="col-lg-3">
|
||||
<ul class="nav nav-pills nav-stacked">
|
||||
<li><a href="<?= PHPCI_URL ?>"><i class="icon-home"></i> Dashboard</a></li>
|
||||
<li><a href="<?= PHPCI_URL ?>project/view/<?php print $project->getId(); ?>"><i class="icon-folder-open"></i> <?php print $project->getTitle(); ?></a></li>
|
||||
<li><a href="<?= PHPCI_URL ?>project/view/<?php print $project->getId(); ?>"><i class="icon-folder-open"></i> <?php print htmlspecialchars($project->getTitle()); ?></a></li>
|
||||
</ul>
|
||||
<h5>Options</h5>
|
||||
<ul class="nav nav-pills nav-stacked">
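Review bot: The sidebar link calls `$project->getId()` and `$project->getTitle()` without the `is_object($project)` guard that the `<h1>` a few lines above uses, so either the guard is dead code or this line fails when no project is loaded. Resolving the title once would remove the mismatch and the duplicated escaping: `<?php $title = is_object($project) ? htmlspecialchars($project->getTitle()) : ' - '; ?>`, then print `$title` in both places. The `href` of the link needs the same decision for the id.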
|
||||
|
|
|
@ -82,7 +82,7 @@ foreach($projects as $project):
|
|||
<?= $health ?>
|
||||
</span>
|
||||
</td>
|
||||
<td><a href='<?= PHPCI_URL ?>project/view/<?= $project->getId() ?>'><?= $project->getTitle() ?></a></td>
|
||||
<td><a href='<?= PHPCI_URL ?>project/view/<?= $project->getId() ?>'><?= htmlspecialchars($project->getTitle()) ?></a></td>
|
||||
<td><?php print is_null($success) ? 'Never' : $success; ?></td>
|
||||
<td><?php print is_null($failure) ? 'Never' : $failure; ?></td>
|
||||
<td>
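Review bot: `$health`, `$success` and `$failure` are still echoed raw in this row. They are assigned outside the hunk, so it is not visible whether any of them can carry text that comes from a project or a build; if one can, it needs `htmlspecialchars()` like the title. A one-line comment where they are assigned, stating that they are template-generated values, would settle it for the next reader.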
|
||||
|
|
|
@ -40,7 +40,7 @@
|
|||
?>
|
||||
<tr class="<?php print $cls; ?>">
|
||||
<td><a href="<?= PHPCI_URL ?>user/edit/<?php print $user->getId(); ?>"><?php print $user->getEmail(); ?></a></td>
|
||||
<td><?php print $user->getName(); ?></td>
|
||||
<td><?php print htmlspecialchars($user->getName()); ?></td>
|
||||
<td><?php print $status; ?></td>
|
||||
<td>
|
||||
<?php if($this->User()->getIsAdmin()): ?>
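Review bot: `$user->getEmail()` in the first cell of this row is still printed without escaping, while the name cell next to it now is escaped. Whether the address is validated when the user is saved is not visible here, so the output should be escaped regardless: `<?php print htmlspecialchars($user->getEmail()); ?>`. `$cls` and `$status` are assigned above the hunk; if they are fixed strings chosen by the template they are fine, but that is worth confirming.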
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
<div id="title">
|
||||
<h1><?php print $type == 'add' ? 'Add User' : 'Edit ' . $user->getName() ?></h1>
|
||||
<h1><?php print $type == 'add' ? 'Add User' : 'Edit ' . htmlspecialchars($user->getName()) ?></h1>
|
||||
</div>
|
||||
|
||||
<div class="row">
|
||||
|
|
|
@ -36,7 +36,7 @@
|
|||
|
||||
<div class="nav-collapse collapse navbar-responsive-collapse">
|
||||
<ul class="nav navbar-nav pull-right">
|
||||
<li><p class="navbar-text"><strong><?php print $this->User()->getName(); ?></strong></p></li>
|
||||
<li><p class="navbar-text"><strong><?php print htmlspecialchars($this->User()->getName()); ?></strong></p></li>
|
||||
<li><a href="<?php print PHPCI_URL ?>session/logout">Log out</a></li>
|
||||
<?php if ($this->User()->getIsAdmin()): ?>
|
||||
<li>
|
||||
|
|