Fixed issue: XSS reflection in CPDB and global settings
c-schmitz committed Jul 2, 2014
1 parent 9938bcd commit d23fbbd
Showing 2 changed files with 2 additions and 2 deletions.
2 changes: 1 addition & 1 deletion application/controllers/admin/participantsaction.php
Expand Up @@ -835,7 +835,7 @@ function getParticipants_json($search = null)
*/
function getAttribute_json()
{
$iParticipantId = Yii::app()->request->getQuery('pid');
$iParticipantId = strip_tags(Yii::app()->request->getQuery('pid'));
$records = ParticipantAttributeName::model()->getParticipantVisibleAttribute($iParticipantId);
$records = subval_sort($records, "attribute_name", "asc");

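Review bot: `strip_tags()` on the `pid` query parameter is neither validation nor output encoding: it drops tag-like sequences but leaves quotes, `&` and similar characters intact, so the value stays unsafe if it is later written into an attribute, script or JSON context. The place where the id is reflected is not visible here (the body of `getAttribute_json()` continues past the hunk), so I would constrain the input right after reading it, e.g. `if (!preg_match('/^[A-Za-z0-9-]+$/', (string) $iParticipantId)) { throw new CHttpException(400, 'Invalid participant id'); }` with the pattern adjusted to the real id format. The output side should then encode the value with `CHtml::encode()` or `json_encode()` wherever it is emitted. A one-line comment noting that `pid` is request-controlled would also help the next reader.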
2 changes: 1 addition & 1 deletion application/views/admin/globalSettings_view.php
Expand Up @@ -361,7 +361,7 @@

<?php $thisforce_ssl = getGlobalSetting('force_ssl');
$opt_force_ssl_on = $opt_force_ssl_off = $opt_force_ssl_neither = '';
$warning_force_ssl = sprintf($clang->gT('Warning: Before turning on HTTPS,%s check if this link works.%s'),'<a href="https://'.$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'].'" title="'. $clang->gT('Test if your server has SSL enabled by clicking on this link.').'">','</a>')
$warning_force_ssl = sprintf($clang->gT('Warning: Before turning on HTTPS,%s check if this link works.%s'),'<a href="https://'.$_SERVER['HTTP_HOST'].$this->createUrl("admin/globalsettings/sa").'" title="'. $clang->gT('Test if your server has SSL enabled by clicking on this link.').'">','</a>')
.'<br/> '
. $clang->gT("If the link does not work and you turn on HTTPS, LimeSurvey will break and you won't be able to access it.");
switch($thisforce_ssl)
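Review bot: The new `href` still concatenates `$_SERVER['HTTP_HOST']` into the attribute without encoding; the Host header is supplied by the client, so dropping `REQUEST_URI` removes one reflected input but leaves the other in place. I would build the link through the framework and encode it for the attribute context, e.g. `CHtml::encode($this->createAbsoluteUrl('admin/globalsettings/sa', array(), 'https'))`, and pass the translated `title` text through `CHtml::encode()` as well. Where the installation has a configured canonical host name, using that instead of the request header is the stronger fix. The `switch` on `$thisforce_ssl` that follows is cut off at the end of the hunk.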
