
Security - Reintroducing HTML filter after report by Javier Bloem tha…

…t it introduces an XSS, specifically for portals open to new teachers created by anonymous users, and reverting commit svn r20496 referencing issue http://projects.dokeos.com/index.php?do=details&task_id=4109 not accessible to the public anymore.
ywarnier committed Aug 11, 2013
1 parent 2bfe104 commit 3c770c201dbe1ce96480a3e51ff25d0b70c83514
Showing with 3 additions and 1 deletion.
  1. +3 −1 main/course_info/infocours.php
@@ -134,7 +134,7 @@ function is_settings_editable() {
$form->add_textfield('title', get_lang('Title'), true, array('class' => 'span6'));
//$form->applyFilter('title', 'html_filter');
$form->applyFilter('title', 'html_filter');
$form->applyFilter('title', 'trim');
//$form->add_textfield('tutor_name', get_lang('Professors'), true, array ('size' => '60'));
@@ -154,9 +154,11 @@ function is_settings_editable() {
$form->addElement('select_language', 'course_language', array(get_lang('Ln'), get_lang('TipLang')));
$form->add_textfield('department_name', get_lang('Department'), false, array('class' => 'span5'));
$form->applyFilter('department_name', 'html_filter');
$form->applyFilter('department_name', 'trim');
$form->add_textfield('department_url', get_lang('DepartmentUrl'), false, array('class' => 'span5'));
$form->applyFilter('department_url', 'html_filter');
//$form->addRule('tutor_name', get_lang('ThisFieldIsRequired'), 'required');
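Review bot: The `html_filter` added on `department_url` at the end of the second hunk is a filter for HTML markup, and unless that filter also normalises URL schemes it does not by itself reject a non-http scheme in a value that is presumably rendered as a link target, so a URL-specific rule (a scheme allow-list such as http/https, via the form library's URL rule if it has one, or at the point of use) would close that path independently of the filter. The same holds for `title` and `department_name` in the first hunk in that input filtering is defence in depth and the pages that render these fields still need context-appropriate output escaping. Since this filter was previously dropped in svn r20496 and that reopened the XSS, a why-comment beside each `applyFilter(..., 'html_filter')` would guard against a repeat cleanup, e.g. `// Keep: dropping html_filter (svn r20496) reintroduced an XSS, see commit 3c770c2`. The function named in the hunk header, `is_settings_editable`, begins and ends outside both hunks, and the second hunk's declared 9/11 lines are not all shown here.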
