[Piwik-svn] r383 - trunk/modules
svnmaster at piwik.org
Mon Mar 17 17:09:02 CET 2008
Author: matt
Date: 2008-03-17 17:09:00 +0100 (Mon, 17 Mar 2008)
New Revision: 383
Modified:
trunk/modules/ViewDataTable.php
Log:
- fix #78. Thanks for your help on this, Draicone. Added addslashes() to the values printed in the JS footer of the datatables
Modified: trunk/modules/ViewDataTable.php
===================================================================
--- trunk/modules/ViewDataTable.php 2008-03-17 15:41:46 UTC (rev 382)
+++ trunk/modules/ViewDataTable.php 2008-03-17 16:09:00 UTC (rev 383)
@@ -303,6 +303,14 @@
$javascriptVariablesToSet['show_exclude_low_population'] = $this->getExcludeLowPopulation();
$javascriptVariablesToSet['enable_sort'] = $this->getSort();
+ // we escape the values that will be displayed in the javascript footer of each datatable
+ // to make sure there is malicious code injected (the value are already htmlspecialchar'ed as they
+ // are loaded with Piwik_Common::getRequestVar()
+ foreach($javascriptVariablesToSet as &$value)
+ {
+ $value = addslashes($value);
+ }
+
return $javascriptVariablesToSet;
}
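Review bot: addslashes() is not a JavaScript-string escaping function, so the loop added here does not fully close the injection this hunk is meant to fix: it leaves newlines, the `</script>` sequence and the U+2028/U+2029 line separators untouched, any of which can break out of a quoted JS string or the script block. For values emitted into a script footer, `$value = json_encode($value);` (or escaping each value with json_encode at the point where it is printed) is the safer choice, since it produces a valid quoted JS literal. Two smaller points in the same lines: the comment "to make sure there is malicious code injected" is missing "no" (and "the value are" should be "the values are"); and because the foreach iterates by reference, add `unset($value);` after the loop so `$value` does not remain bound to the last array element, which otherwise silently corrupts it if `$value` is reused later in this method. Note also that not every entry necessarily comes through Piwik_Common::getRequestVar(): `show_exclude_low_population` and `enable_sort` are taken from getter methods two lines above, so the "already htmlspecialchar'ed" assumption in the comment should be verified for those.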