Merge pull request #537 from sebastian-meyer/fix-xss-issue
Fix XSS issue
commit
b028292576
|
@ -11,7 +11,7 @@ conf.py:
|
|||
copyright: 2017
|
||||
project: Kitodo.Presentation
|
||||
version: 2.3
|
||||
release: 2.3.0
|
||||
release: 2.3.1
|
||||
intersphinx_mapping:
|
||||
t3tsref:
|
||||
- http://docs.typo3.org/typo3cms/TyposcriptReference/
|
||||
|
|
|
@ -21,7 +21,7 @@ $EM_CONF[$_EXTKEY] = array (
|
|||
'uploadfolder' => TRUE,
|
||||
'createDirs' => '',
|
||||
'clearCacheOnLoad' => FALSE,
|
||||
'version' => '2.3.0',
|
||||
'version' => '2.3.1',
|
||||
'constraints' => array (
|
||||
'depends' => array (
|
||||
'php' => '7.0.0-',
|
||||
|
|
|
@ -365,7 +365,7 @@ class tx_dlf_listview extends tx_dlf_plugin {
|
|||
|
||||
if ($piVar != 'order' && $piVar != 'DATA' && !empty($value)) {
|
||||
|
||||
$sorting .= '<input type="hidden" name="'.$this->prefixId.'['.$piVar.']" value="'.htmlspecialchars($value).'" />';
|
||||
$sorting .= '<input type="hidden" name="'.$this->prefixId.'['.preg_replace('/[^A-Za-z0-9_-]/', '', $piVar).']" value="'.htmlspecialchars($value).'" />';
|
||||
|
||||
}
|
||||
|
||||
|
|
|
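Review bot: The exclusion test on the `if` line still compares the raw `$piVar`, while the emitted `name` attribute uses the stripped key. A key that only equals `order` or `DATA` after stripping therefore passes the check and is written out as a hidden field under that name, and a key consisting solely of stripped characters ends up as `prefixId[]`. Rejecting non-conforming keys instead of rewriting them avoids both, e.g. `if (!preg_match('/^[A-Za-z0-9_-]+$/', $piVar)) { continue; }` ahead of the comparison (assuming this sits inside a loop, which starts outside the hunk). The same applies to the matching change in `tx_dlf_navigation`. Separately, `htmlspecialchars($value)` assumes a scalar; if nested piVars can reach this line, an array passes `!empty()` and should be skipped explicitly.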
@ -75,7 +75,7 @@ class tx_dlf_navigation extends tx_dlf_plugin {
|
|||
|
||||
if ($piVar != 'page' && $piVars != 'DATA' && !empty($value)) {
|
||||
|
||||
$output .= '<input type="hidden" name="'.$this->prefixId.'['.$piVar.']" value="'.htmlspecialchars($value).'" />';
|
||||
$output .= '<input type="hidden" name="'.$this->prefixId.'['.preg_replace('/[^A-Za-z0-9_-]/', '', $piVar).']" value="'.htmlspecialchars($value).'" />';
|
||||
|
||||
}
|
||||
|
||||
|
|
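Review bot: The context line `if ($piVar != 'page' && $piVars != 'DATA' && !empty($value))` tests `$piVars` (plural) against `'DATA'`, which looks like a typo for `$piVar`. As written, that operand is presumably either the whole piVars array or an undefined variable, so the condition is always true and the `DATA` entry is not filtered out here the way it is in `tx_dlf_listview`. The commit leaves the line unchanged; it should read `if ($piVar != 'page' && $piVar != 'DATA' && !empty($value)) {`. If `DATA` holds an array it currently reaches `htmlspecialchars($value)`, which expects a string. The enclosing loop starts outside the hunk.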