[Piwik-svn] r357 - trunk/plugins/SitesManager
svnmaster at piwik.org
svnmaster at piwik.org
Mon Mar 10 23:49:22 CET 2008
Author: matt
Date: 2008-03-10 23:49:21 +0100 (Mon, 10 Mar 2008)
New Revision: 357
Modified:
trunk/plugins/SitesManager/API.php
Log:
security update :)
Modified: trunk/plugins/SitesManager/API.php
===================================================================
--- trunk/plugins/SitesManager/API.php 2008-03-10 22:36:16 UTC (rev 356)
+++ trunk/plugins/SitesManager/API.php 2008-03-10 22:49:21 UTC (rev 357)
@@ -42,11 +42,15 @@
*/
static public function getJavascriptTag( $idSite, $piwikUrl = '', $actionName = '')
{
- $actionName = "'$actionName'";
+ Piwik::checkUserHasViewAccess($idSite);
+
+ $actionName = "'".addslashes(Piwik_Common::sanitizeInputValues($actionName))."'";
if(empty($piwikUrl))
{
$piwikUrl = Piwik_Url::getCurrentUrlWithoutFileName();
}
+ $piwikUrl = addslashes(Piwik_Common::sanitizeInputValues($piwikUrl));
+
$htmlEncoded = Piwik::getJavascriptCode($idSite, $piwikUrl, $actionName);
$htmlEncoded = str_replace(array('<br>','<br />','<br/>'), '', $htmlEncoded);
return html_entity_decode($htmlEncoded);
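Review bot: The final `html_entity_decode($htmlEncoded)` runs over the whole generated tag, including the `$actionName` and `$piwikUrl` values sanitized a few lines above. Any entity encoding applied by `Piwik_Common::sanitizeInputValues()` is therefore reversed before the string is returned; that helper's body is not in this hunk, so this assumes it HTML-encodes its input. That would leave `addslashes()` as the only escaping, and it is not a JavaScript-string escaper: it does not touch line breaks or a literal `</script>`. Consider decoding the template before the caller-supplied values are substituted, or escaping both values for the JavaScript context after the decode, and record the intent above the two assignments with a comment such as `// embedded in a JS string literal inside <script>; must be escaped for that context`. The closing brace of getJavascriptTag() lies outside the hunk, so anything after the `return` is not reviewed here.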