Fixed issue #8380: Minor XSS vulnerability in adminstration QA view a…

…nd survey overview
LimeSurvey · Dec 5, 2013 · b0955ce · b0955ce
1 parent b7796d8
commit b0955ce
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 4 deletions.
diff --git a/application/core/Survey_Common_Action.php b/application/core/Survey_Common_Action.php
@@ -729,11 +729,11 @@ function _surveysummary($iSurveyID, $action=null, $gid=null)
         }
         if ($surveyinfo['emailnotificationto'] != '')
         {
-            $surveysummary2 .= $clang->gT("Basic email notification is sent to:") . " {$surveyinfo['emailnotificationto']}<br />\n";
+            $surveysummary2 .= $clang->gT("Basic email notification is sent to:") .' '. htmlspecialchars($surveyinfo['emailnotificationto'])."<br />\n";
         }
         if ($surveyinfo['emailresponseto'] != '')
         {
-            $surveysummary2 .= $clang->gT("Detailed email notification with response data is sent to:") . " {$surveyinfo['emailresponseto']}<br />\n";
+            $surveysummary2 .= $clang->gT("Detailed email notification with response data is sent to:") .' '. htmlspecialchars($surveyinfo['emailresponseto'])."<br />\n";
         }
 
         $dateformatdetails = getDateFormatData(Yii::app()->session['dateformat']);

diff --git a/application/helpers/expressions/em_manager_helper.php b/application/helpers/expressions/em_manager_helper.php
@@ -8129,7 +8129,7 @@ static public function ShowSurveyLogicFile($sid, $gid=NULL, $qid=NULL,$LEMdebugL
                 }
             }
 
-            $out .= "<tr><th>#</th><th>".$LEM->gT('Name [ID]')."</th><th>".$LEM->gT('Relevance [Validation] (Default)')."</th><th>".$LEM->gT('Text [Help] (Tip)')."</th></tr>\n";
+            $out .= "<tr><th>#</th><th>".$LEM->gT('Name [ID]')."</th><th>".$LEM->gT('Relevance [Validation] (Default value)')."</th><th>".$LEM->gT('Text [Help] (Tip)')."</th></tr>\n";
 
             $_gseq=-1;
             foreach ($LEM->currentQset as $q) {
@@ -8181,7 +8181,7 @@ static public function ShowSurveyLogicFile($sid, $gid=NULL, $qid=NULL,$LEMdebugL
                     if ($LEM->em->HasErrors()) {
                         ++$errorCount;
                     }
-                    $default = '<br />(' . $LEM->gT('Default:') . '  ' . $_default . ')';
+                    $default = '<br />(' . $LEM->gT('Default:') . '  ' . htmlspecialchars($_default) . ')';
                 }
                 else
                 {