fixed XSS in user name and project name properties

This commit is contained in:
born_free 2013-11-02 16:39:55 -07:00
parent e1d68bece7
commit 6b015d3106
8 changed files with 9 additions and 9 deletions


@ -7,7 +7,7 @@
<div class="col-lg-3">
<ul class="nav nav-pills nav-stacked">
<li><a href="<?= PHPCI_URL ?>"><i class="icon-home"></i> Dashboard</a></li>
<li><a href="<?= PHPCI_URL ?>project/view/<?php print $build->getProject()->getId(); ?>"><i class="icon-folder-open"></i> <?php print $build->getProject()->getTitle(); ?></a></li>
<li><a href="<?= PHPCI_URL ?>project/view/<?php print $build->getProject()->getId(); ?>"><i class="icon-folder-open"></i> <?php print htmlspecialchars($build->getProject()->getTitle()); ?></a></li>
</ul>
<h5>Options</h5>
<ul class="nav nav-pills nav-stacked">
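Review bot: The new `htmlspecialchars()` call on the project title relies on the default flags, so single quotes are left alone (the pre-8.1 default is ENT_COMPAT) and the character set falls back to a PHP-version-dependent default. In this position the value lands in element text content, so the output is safe here, but the same call pasted into a single-quoted attribute would not be, and the encoding default was ISO-8859-1 before PHP 5.4. Passing the flags explicitly, `htmlspecialchars($build->getProject()->getTitle(), ENT_QUOTES, 'UTF-8')`, makes the escaping independent of context and runtime; the same default-flag call recurs in all seven remaining sections of this commit. Since it is repeated by hand across eight templates, a single view-layer escape helper would keep the flags consistent. The enclosing template continues outside the hunk.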


@ -41,7 +41,7 @@ switch($build->getStatus())
<td><a href="<?= PHPCI_URL ?>project/view/<?php print $build->getProjectId(); ?>">
<?php
if (is_object($build->getProject())) {
print $build->getProject()->getTitle();
print htmlspecialchars($build->getProject()->getTitle());
} else {
print ' - ';
}


@ -11,7 +11,7 @@
<h5>Projects</h5>
<ul class="nav nav-pills nav-stacked">
<?php foreach($projects as $project): ?>
<li><a href="<?= PHPCI_URL ?>project/view/<?php print $project->getId(); ?>"><?php print $project->getTitle(); ?></a></li>
<li><a href="<?= PHPCI_URL ?>project/view/<?php print $project->getId(); ?>"><?php print htmlspecialchars($project->getTitle()); ?></a></li>
<?php endforeach; ?>
</ul>
<?php endif; ?>


@ -1,12 +1,12 @@
<div id="title">
<h1>Project: <?php print (is_object($project)) ? $project->getTitle() : ' - '; ?></h1>
<h1>Project: <?php print (is_object($project)) ? htmlspecialchars($project->getTitle()) : ' - '; ?></h1>
</div>
<div class="row">
<div class="col-lg-3">
<ul class="nav nav-pills nav-stacked">
<li><a href="<?= PHPCI_URL ?>"><i class="icon-home"></i> Dashboard</a></li>
<li><a href="<?= PHPCI_URL ?>project/view/<?php print $project->getId(); ?>"><i class="icon-folder-open"></i> <?php print $project->getTitle(); ?></a></li>
<li><a href="<?= PHPCI_URL ?>project/view/<?php print $project->getId(); ?>"><i class="icon-folder-open"></i> <?php print htmlspecialchars($project->getTitle()); ?></a></li>
</ul>
<h5>Options</h5>
<ul class="nav nav-pills nav-stacked">
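Review bot: The `is_object($project)` guard on the heading is not carried into the sidebar link a few lines below, which still calls `$project->getId()` and `$project->getTitle()` unconditionally on the new line. If `$project` can be a non-object, as the heading's `' - '` fallback suggests, that line fails before any escaping matters; if the controller guarantees an object, the guard on the heading is dead and could go. Either guard the `<li>` the same way or add a comment on the heading saying why the fallback exists. The template continues outside the hunk.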


@ -82,7 +82,7 @@ foreach($projects as $project):
<?= $health ?>
</span>
</td>
<td><a href='<?= PHPCI_URL ?>project/view/<?= $project->getId() ?>'><?= $project->getTitle() ?></a></td>
<td><a href='<?= PHPCI_URL ?>project/view/<?= $project->getId() ?>'><?= htmlspecialchars($project->getTitle()) ?></a></td>
<td><?php print is_null($success) ? 'Never' : $success; ?></td>
<td><?php print is_null($failure) ? 'Never' : $failure; ?></td>
<td>
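Review bot: `$health` (`<?= $health ?>`), `$success` and `$failure` are still printed unescaped in the same hunk, while only the project title receives `htmlspecialchars()`. Where those come from is not visible here; if they are plain strings derived from build records they need the same treatment, and if `$health` is deliberately pre-built markup, a one-line comment such as `<?php /* $health is trusted HTML built above, not user data */ ?>` would stop the next reader from either escaping it or copying the pattern for untrusted values. The `foreach ($projects as $project)` loop begins outside the hunk.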


@ -40,7 +40,7 @@
?>
<tr class="<?php print $cls; ?>">
<td><a href="<?= PHPCI_URL ?>user/edit/<?php print $user->getId(); ?>"><?php print $user->getEmail(); ?></a></td>
<td><?php print $user->getName(); ?></td>
<td><?php print htmlspecialchars($user->getName()); ?></td>
<td><?php print $status; ?></td>
<td>
<?php if($this->User()->getIsAdmin()): ?>
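Review bot: `$user->getEmail()` on the line directly above the changed one is still printed raw into the same row, and an e-mail address is as user-supplied as the name this commit escapes; `<?php print htmlspecialchars($user->getEmail()); ?>` closes that gap. `$status` and `$cls` are presumably server-generated labels rather than user input, but their origin is outside the hunk, so that is worth confirming. The surrounding loop starts outside the hunk.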


@ -1,5 +1,5 @@
<div id="title">
<h1><?php print $type == 'add' ? 'Add User' : 'Edit ' . $user->getName() ?></h1>
<h1><?php print $type == 'add' ? 'Add User' : 'Edit ' . htmlspecialchars($user->getName()) ?></h1>
</div>
<div class="row">
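Review bot: The escaping on the new heading line is correct, but the branch condition next to it uses loose comparison, `$type == 'add'`; `$type === 'add'` expresses the intended string check without PHP's type-juggling rules. A minor point of style rather than a defect, given `$type` appears to be a controller-set string.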


@ -36,7 +36,7 @@
<div class="nav-collapse collapse navbar-responsive-collapse">
<ul class="nav navbar-nav pull-right">
<li><p class="navbar-text"><strong><?php print $this->User()->getName(); ?></strong></p></li>
<li><p class="navbar-text"><strong><?php print htmlspecialchars($this->User()->getName()); ?></strong></p></li>
<li><a href="<?php print PHPCI_URL ?>session/logout">Log out</a></li>
<?php if ($this->User()->getIsAdmin()): ?>
<li>