From: tassium Date: Thu, 23 Jan 2003 20:57:39 +0000 (+0000) Subject: Avoid XSS silliness in the calendar plugin X-Git-Url: https://vcs.fsf.org/?a=commitdiff_plain;h=94e0aaf97cb0617bac2f7efc543beddab98e96b0;p=squirrelmail.git Avoid XSS silliness in the calendar plugin git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@4460 7612ce4b-ef26-0410-bec9-ea0150e637f0
---
diff --git a/plugins/calendar/calendar_data.php b/plugins/calendar/calendar_data.php
index 9db7433a..dff67331 100644
--- a/plugins/calendar/calendar_data.php
+++ b/plugins/calendar/calendar_data.php
@@ -35,8 +35,8 @@ function readcalendardata() {
 while ($fdata = fgetcsv ($fp, 4096, '|')) {
 $calendardata[$fdata[0]][$fdata[1]] = array( 'length' => $fdata[2],
 'priority' => $fdata[3],
- 'title' => $fdata[4],
- 'message' => $fdata[5],
+ 'title' => htmlentities($fdata[4],ENT_NOQUOTES),
+ 'message' => htmlentities($fdata[5],ENT_NOQUOTES),
 'reminder' => $fdata[6] );
 }
 fclose ($fp);
diff --git a/plugins/calendar/event_create.php b/plugins/calendar/event_create.php
index 62cd0e78..8cf9b06c 100644
--- a/plugins/calendar/event_create.php
+++ b/plugins/calendar/event_create.php
@@ -186,11 +186,11 @@ if(!isset($event_text)){
 ) .
 html_tag( 'tr',
 html_tag( 'td', _("Title:"), 'right', $color[4] ) . "\n" .
- html_tag( 'td', $event_title, 'left', $color[4] ) . "\n"
+ html_tag( 'td', htmlentities($event_title,ENT_NOQUOTES), 'left', $color[4] ) . "\n"
 ) .
 html_tag( 'tr',
 html_tag( 'td', _("Message:"), 'right', $color[4] ) . "\n" .
- html_tag( 'td', $event_text, 'left', $color[4] ) . "\n"
+ html_tag( 'td', htmlentities($event_text,ENT_NOQUOTES), 'left', $color[4] ) . "\n"
 ) .
 html_tag( 'tr',
 html_tag( 'td',
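Review bot: In the `readcalendardata()` hunk of calendar_data.php, `ENT_NOQUOTES` leaves both `"` and `'` unencoded, so the stored title and message are only safe in element content. If either value is ever echoed into an attribute, such as a `value="..."` on an edit form, the quote still closes the attribute. `'title' => htmlentities($fdata[4], ENT_QUOTES),` and the same for `'message'` would cover both contexts. The two `htmlentities(..., ENT_NOQUOTES)` calls in the event_create.php hunk have the same gap. Encoding at read time also means `$calendardata` now holds entities rather than the raw text, so any path that writes the array back to the file would re-encode it on the next read (`&` becoming `&amp;amp;`). The write side is not visible here and the function body extends beyond this hunk, so that is worth confirming, or the escaping could move to the points where the values are printed. The neighbouring `length`, `priority` and `reminder` fields come from the same file and are left unencoded.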