liquid_feedback_frontend
changeset 46:aaba4d28dd53 beta14
Added missing HTML encoding for page titles (security fix!)
author | bsw |
---|---|
date | Mon Mar 15 03:04:19 2010 +0100 (2010-03-15) |
parents | 58beb12bc024 |
children | 8e9436ea3017 |
files | app/main/index/search.lua app/main/member/history.lua config/default.lua |
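--- a/app/main/index/search.lua
+++ b/app/main/index/search.lua
@@ -1,7 +1,7 @@
 local search_for = param.get("search_for", atom.string) or "global"
 local search_string = param.get("search", atom.string)
 
-slot.put_into("title", _("Search results for: '#{search}'", { search = search_string }))
+slot.put_into("title", encode.html(_("Search results for: '#{search}'", { search = search_string })))
 
 
 if search_for == "global" or search_for == "member" then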
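Review bot: Escaping at the call site leaves the `title` slot itself a raw-HTML sink (presumably it is emitted unescaped, given that this fix was needed), so any other `slot.put_into("title", ...)` that interpolates request or member data stays exposed until it gets the same wrapper. This commit covers only this file and app/main/member/history.lua. Here `search_string` comes straight from the `search` request parameter, which makes this the reflected case, while `member.name` in history.lua is the stored one. Consider auditing the remaining title call sites, or encoding once where the layout emits the slot; in that case these per-call wrappers would have to be removed to avoid double encoding. A short comment above the call would also keep the wrapper from being dropped later, e.g. `-- search_string is request-supplied and the title slot is not escaped on output, so encode here`.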
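--- a/app/main/member/history.lua
+++ b/app/main/member/history.lua
@@ -1,6 +1,6 @@
 local member = Member:by_id(param.get_id())
 
-slot.put_into("title", _("Member name history for '#{name}'", { name = member.name }))
+slot.put_into("title", encode.html(_("Member name history for '#{name}'", { name = member.name })))
 
 slot.select("actions", function()
 ui.link{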
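Review bot: `member` is dereferenced in the title line without a nil check. If `Member:by_id` returns nil for an unknown or malformed id (its behaviour is not visible here), `member.name` raises and the request ends in a runtime error instead of a clean not-found response. A guard between the lookup and the `slot.put_into` call that hands off to the application's not-found handling when `member` is nil would close that path. The view continues past the end of this hunk, so later uses of `member` would benefit from the same guard.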
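--- a/config/default.lua
+++ b/config/default.lua
@@ -1,5 +1,5 @@
 config.app_name = "LiquidFeedback"
-config.app_version = "beta13"
+config.app_version = "beta14"
 
 config.app_title = config.app_name .. " (" .. request.get_config_name() .. " environment)"
 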