xss filter added

commit 0db080faadc6e5069a3cb4fde905e9af8608deba 1 parent 7b15387
@squallstar authored
10 core/controllers/admin/auth.php
@@ -2,7 +2,7 @@
/**
* Auth Controller
*
- * Login/Logout (amministrazione)
+ * Login/Logout (admin)
*
* @package Bancha
* @author Nicholas Valbusa - info@squallstar.it - @squallstar
@@ -14,8 +14,8 @@
if ( ! defined('BASEPATH')) exit('No direct script access allowed');
-Class Core_Auth extends Bancha_Controller {
-
+Class Core_Auth extends Bancha_Controller
+{
public function __construct()
{
parent::__construct();
@@ -38,8 +38,8 @@ function login()
if ($this->input->post('username'))
{
$logged = $this->auth->login(
- $this->input->post('username'),
- $this->input->post('password')
+ $this->input->post('username', TRUE),
+ $this->input->post('password', TRUE)
);
if ($logged)
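Review bot: Passing TRUE to `$this->input->post('password', TRUE)` runs the password through the XSS filter before it reaches `$this->auth->login()`, and that filter rewrites the string instead of rejecting it, so a password that happens to contain a pattern the filter flags would no longer match the stored credential. The password is never rendered, so it needs no XSS treatment at all; keep it as `$this->input->post('password')` and filter only values that are output. For the username the stronger control is escaping at render time; the filter applied here only reduces what reaches a view that forgets to escape. The body of `login()` continues past the hunk, so whether the username is echoed back on a failed attempt cannot be checked from here.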
3  core/documentation/source/basic/changelog.rst
@@ -2,7 +2,7 @@
ChangeLog
######################
-**v 1.0.7** (2012-01-22)
+**v 1.0.7** (2012-01-24)
- UPDATING FROM PREVIOUS VERSIONS: add the new "Services" fieldset on your application/xml/Settings.xml to include the Akismet support that we added
- IMPORTANT: The home template has been renamed to homepage.php (from home.php) - check out your content types schemes and view files.
@@ -20,6 +20,7 @@ ChangeLog
- Added a "View content" button on the flashmessage after saving a record throught the administration: click it to be redirected to that record on the website (needs a page that is listing content types of the same type of the record)
- New methods added to the Record Objects: save(), publish(), depublish(), delete(), delete_related($relation_name);
- Records documentation has been improved with the "Create record objects" page.
+- XSS Filter added on the login and the comments saving script.
**v 1.0.6** (2012-01-14)
6 themes/sandbox/views/extra/comments-save.php
@@ -12,9 +12,9 @@
*
*/
-$author = $this->input->post('author');
-$message = $this->input->post('message');
-$email = $this->input->post('email');
+$author = $this->input->post('author', TRUE);
+$message = strip_tags($this->input->post('message', TRUE));
+$email = $this->input->post('email', TRUE);
$is_spam = FALSE;
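Review bot: If this is CodeIgniter's Input class, `$this->input->post()` returns FALSE for a missing field, and `strip_tags(FALSE)` on the changed `$message` line turns that into an empty string, so an absent message is no longer distinguishable from an empty one before it is saved; the three values should be checked for presence first, e.g. `if ($author === FALSE || $message === '' || $email === FALSE) { show_error('Missing comment fields'); }`. Both the XSS filter and `strip_tags` change what is stored rather than what is displayed, so the comment text still has to be escaped with `htmlspecialchars()` wherever it is rendered, and `$email` is better validated as an address than XSS-filtered. The spam check that follows `$is_spam = FALSE;` and the actual save run outside the hunk.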