Mailing List Archive

[svn] r1728 - in rt: . branches/3.3-TESTING/html/Elements/CollectionAsTable branches/3.3-TESTING/html/Elements/RT__Ticket
Author: autrijus
Date: Sun Nov 7 09:29:51 2004
New Revision: 1728

Modified:
rt/ (props changed)
rt/branches/3.3-TESTING/html/Elements/CollectionAsTable/Row
rt/branches/3.3-TESTING/html/Elements/RT__Ticket/ColumnMap
Log:
r10256@not: autrijus | 2004-11-06T10:35:22.448152Z
* Escape ColumnMap return values properly to prevent cross-site scripting
attacks. All HTML snippets are now returned as scalar references.

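The convention the commit describes, trusted markup travels as a scalar reference and everything else is a plain scalar that the caller HTML-escapes, as an added stand-alone Perl example. This is not RT's code and not the ColumnMap component: `escape_html` is an assumed stand-in for Mason's `apply_escapes($text => 'h')`, the `%record` hash and the `%column_map` callbacks are constructed for the example, and the `ref($item) eq 'SCALAR'` check is stricter than the `ref($_)` test in the committed hunk.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Added example, not RT's code: the "trusted snippet as scalar ref"
# convention from the commit above, applied to a stand-alone row renderer.

# Assumed stand-in for Mason's apply_escapes($text => 'h'). Covers the
# characters that matter in HTML text and in double- or single-quoted
# attribute values.
sub escape_html {
    my ($text) = @_;
    return '' unless defined $text;    # undef would otherwise warn
    my %map = (
        '&' => '&amp;', '<' => '&lt;', '>' => '&gt;',
        '"' => '&quot;', "'" => '&#39;',
    );
    $text =~ s/([&<>"'])/$map{$1}/g;
    return $text;
}

# Constructed ticket record standing in for an RT::Ticket object.
my %record = (
    id      => 42,
    Subject => q{<script>alert("xss")</script> printer on fire},
    Status  => 'open',
);

# Column callbacks in the ColumnMap style. Each returns a list whose items
# are either plain scalars (untrusted data, escaped by the caller) or
# scalar references (markup the callback built and already escaped).
my %column_map = (
    id      => sub { my ($rec) = @_; return $rec->{id} },
    Subject => sub { my ($rec) = @_; return $rec->{Subject} },

    # A link: the markup is trusted, the interpolated data is escaped
    # before it is wrapped in a reference.
    SubjectLink => sub {
        my ($rec) = @_;
        my $html = sprintf '<a href="Ticket/Display.html?id=%d">%s</a>',
            $rec->{id}, escape_html($rec->{Subject});
        return \$html;
    },

    # Mixed list: literal tags as refs, ticket data as a plain scalar.
    Status => sub {
        my ($rec) = @_;
        return ( \'<b>', $rec->{Status}, \'</b>' );
    },
);

# Mirrors the Row component's loop: refs pass through, scalars get escaped.
sub render_cell {
    my ($callback, $rec) = @_;
    my @out;
    for my $item ( $callback->($rec) ) {
        if ( ref $item ) {
            # Only SCALAR refs carry the "trusted HTML" meaning. Anything
            # else is a bug in the callback, so fail loudly rather than
            # emit it.
            die 'column callback returned a ' . ref($item) . ' reference'
                unless ref($item) eq 'SCALAR';
            push @out, $$item;
        }
        else {
            push @out, escape_html($item);
        }
    }
    return join '', @out;
}

for my $col (qw(id Subject SubjectLink Status)) {
    printf "%-12s %s\n", $col, render_cell( $column_map{$col}, \%record );
}
```

Run it and compare the `Subject` and `SubjectLink` rows: both carry the same script tag, but in one the caller escaped it and in the other the callback did. A callback that wrapped `$rec->{Subject}` in a reference without calling `escape_html` first would reintroduce the injection, which is why the escaping duty has to be fixed at the point where the reference is created.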


Modified: rt/branches/3.3-TESTING/html/Elements/CollectionAsTable/Row
==============================================================================
--- rt/branches/3.3-TESTING/html/Elements/CollectionAsTable/Row (original)
+++ rt/branches/3.3-TESTING/html/Elements/CollectionAsTable/Row Sun Nov 7 09:29:51 2004
@@ -54,9 +54,16 @@
my $value = $m->comp('/Elements/RT__Ticket/ColumnMap', Name => $col, Attr => 'value');

if ( $value && ref($value)) {
- $m->out( &{ $value } ( $record, $i ) );
+ # All HTML snippets are returned by the callback function
+ # as scalar references. Data fetched from the objects are
+ # plain scalars, and needs to be escaped properly.
+ $m->out(
+ map { ref($_) ? $$_ : $m->interp->apply_escapes( $_ => 'h' ) }
+ &{ $value } ( $record, $i )
+ );
} else {
- $m->out($value );
+ # Simple value; just escape it.
+ $m->out( $m->interp->apply_escapes( $value => 'h' ) );
}
}
else {
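Review bot: `ref($_) ? $$_ : ...` in the new `map` near the top of the hunk treats every reference as a trusted-HTML scalar ref, so a callback that returns an ARRAY, HASH or CODE reference now dies with "Not a SCALAR reference" instead of being output. Suggest `ref($_) eq 'SCALAR' ? $$_ : $m->interp->apply_escapes( $_ => 'h' )` so the trusted-snippet contract is explicit and other reference types are rejected (or escaped) deliberately. The comment on the `+` lines should also say what the contract implies: the `'h'` escape only makes plain scalars safe in HTML text and quoted-attribute context, and any callback that returns a scalar ref is now solely responsible for escaping the ticket data it interpolates. That half of the change lives in ColumnMap, whose hunk is not included here, so it cannot be checked from this page.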

Modified: rt/branches/3.3-TESTING/html/Elements/RT__Ticket/ColumnMap
==============================================================================
_______________________________________________
Rt-commit mailing list
Rt-commit@lists.bestpractical.com
http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-commit