fanbinit/rhymix
1
0
Fork 0
mirror of https://github.com/Lastorder-DC/rhymix.git synced 2026-04-28 23:03:25 +09:00
Code Issues Projects Releases Packages Wiki Activity

issue 3595 protect from XSS

Browse source 
git-svn-id: http://xe-core.googlecode.com/svn/branches/maserati@13163 201d5d3c-b55e-5fd7-737f-ddc643e51545
This commit is contained in:
ngleader 2013-09-26 02:04:42 +00:00
parent e2e1f5f2c1
commit 715276bce9
1 changed files with 2 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

9
modules/poll/poll.controller.php
View file

@ -21,6 +21,7 @@ class pollController extends poll
$stop_date = Context::get('stop_date');
if($stop_date < date("Ymd")) $stop_date = date("YmdHis", time()+60*60*24*365);
$logged_info = Context::get('logged_info');
$vars = Context::getRequestVars();
foreach($vars as $key => $val)
{
@ -32,12 +33,7 @@ class pollController extends poll
$poll_index = $tmp_arr[1];
if(Context::get('is_logged'))
{
$logged_info = Context::get('logged_info');
// Remove the tag if the it is not the top administrator in the session
if($logged_info->is_admin != 'Y') $val = htmlspecialchars($val);
}
if($logged_info->is_admin != 'Y') $val = htmlspecialchars($val);
if($tmp_arr[0]=='title') $tmp_args[$poll_index]->title = $val;
else if($tmp_arr[0]=='checkcount') $tmp_args[$poll_index]->checkcount = $val;
@ -56,7 +52,6 @@ class pollController extends poll
// Configure the variables
$poll_srl = getNextSequence();
$logged_info = Context::get('logged_info');
$member_srl = $logged_info->member_srl?$logged_info->member_srl:0;
$oDB = &DB::getInstance();