
interchange-cvs at icdevgroup
Jul 25, 2013, 9:26 AM
[interchange] Fix XSS in error tag display of failed submissions
commit bea662dbb16afad9c683774f10c0046abc1735f9 Author: Josh Lavin <josh [at] perusion> Date: Thu Jul 25 09:26:22 2013 -0700 Fix XSS in error tag display of failed submissions code/SystemTag/error.coretag | 3 +++ 1 files changed, 3 insertions(+), 0 deletions(-) --- diff --git a/code/SystemTag/error.coretag b/code/SystemTag/error.coretag index 0cae2b3..e88dc1d 100644 --- a/code/SystemTag/error.coretag +++ b/code/SystemTag/error.coretag @@ -43,6 +43,9 @@ sub tag_error { } return set_error($error, $var, $opt); } + unless(defined $opt->{filter}) { + $opt->{filter} = 'encode_entities'; + } my $err_ref = $Vend::Session->{errors}; my $text; my @errors; _______________________________________________ interchange-cvs mailing list interchange-cvs [at] icdevgroup http://www.icdevgroup.org/mailman/listinfo/interchange-cvs
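Review bot: In the added `unless(defined $opt->{filter})` block in tag_error, the entity encoding is only a default, so any caller that passes its own filter option, including an empty one, replaces `encode_entities`, and escaping of the error text then depends entirely on what that filter does. Consider applying `encode_entities` to the error text regardless of the caller's filter, or state next to the tag that a custom filter must include it. The change touches only code/SystemTag/error.coretag (3 insertions) and carries no comment, so a one-line comment above the block saying that the default exists to prevent XSS in displayed errors would keep it from being removed later as redundant.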