Fixed issue: #7160: Impossible submit page with some email validation

Dev: sanitize_html_string replace -/+ .... by html entities, the use minimum for XSS security
LimeSurvey · Jan 14, 2013 · 49f6a17 · 49f6a17
1 parent ab47468
commit 49f6a17
Show file tree

Hide file tree

Showing 7 changed files with 7 additions and 7 deletions.
diff --git a/application/modules/CheckQuestion.php b/application/modules/CheckQuestion.php
@@ -589,7 +589,7 @@ public function getVarAttributeLEM($sgqa,$value)
     {
         if (preg_match('/other$/',$sgqa))
         {
-            return sanitize_html_string(parent::getVarAttributeLEM($sgqa,$value));
+            return htmlspecialchars(parent::getVarAttributeLEM($sgqa,$value),ENT_NOQUOTES);
         }
         else
         {

diff --git a/application/modules/CommentCheckQuestion.php b/application/modules/CommentCheckQuestion.php
@@ -320,7 +320,7 @@ public function getVarAttributeLEM($sgqa,$value)
     {
         if (preg_match('/comment$/',$sgqa))
         {
-            return sanitize_html_string(parent::getVarAttributeLEM($sgqa,$value));
+            return htmlspecialchars(parent::getVarAttributeLEM($sgqa,$value),ENT_NOQUOTES);
         }
         else
         {

diff --git a/application/modules/CommentListQuestion.php b/application/modules/CommentListQuestion.php
@@ -291,7 +291,7 @@ public function getVarAttributeLEM($sgqa,$value)
     {
         if (preg_match('/comment$/',$sgqa))
         {
-            return sanitize_html_string(parent::getVarAttributeLEM($sgqa,$value));
+            return htmlspecialchars(parent::getVarAttributeLEM($sgqa,$value),ENT_NOQUOTES);
         }
         else
         {

diff --git a/application/modules/ListQuestion.php b/application/modules/ListQuestion.php
@@ -600,7 +600,7 @@ public function getVarAttributeLEM($sgqa,$value)
     {
         if (preg_match('/other$/',$sgqa))
         {
-            return sanitize_html_string(parent::getVarAttributeLEM($sgqa,$value));
+            return htmlspecialchars(parent::getVarAttributeLEM($sgqa,$value),ENT_NOQUOTES);
         }
         else
         {

diff --git a/application/modules/MultitextQuestion.php b/application/modules/MultitextQuestion.php
@@ -421,7 +421,7 @@ public function questionProperties($prop = false)
 
     public function getVarAttributeLEM($sgqa,$value)
     {
-        return sanitize_html_string(parent::getVarAttributeLEM($sgqa,$value));
+        return htmlspecialchars(parent::getVarAttributeLEM($sgqa,$value),ENT_NOQUOTES);
     }
 
 }

diff --git a/application/modules/TextArrayQuestion.php b/application/modules/TextArrayQuestion.php
@@ -732,7 +732,7 @@ public function questionProperties($prop = false)
 
     public function getVarAttributeLEM($sgqa,$value)
     {
-        return sanitize_html_string(parent::getVarAttributeLEM($sgqa,$value));
+        return htmlspecialchars(parent::getVarAttributeLEM($sgqa,$value),ENT_NOQUOTES);
     }
 
 }

diff --git a/application/modules/TextQuestion.php b/application/modules/TextQuestion.php
@@ -88,7 +88,7 @@ public function getTypeHelp($language)
 
     public function getVarAttributeLEM($sgqa,$value)
     {
-        return sanitize_html_string(parent::getVarAttributeLEM($sgqa,$value));
+        return htmlspecialchars(parent::getVarAttributeLEM($sgqa,$value),ENT_NOQUOTES);
     }
 
 }