Indefero

Indefero Commit Details


Date:2012-04-15 15:59:23 (12 years 8 months ago)
Author:Thomas Keller
Branch:develop, release-1.3
Commit:f11a7f761821f3e38fbde2750c67b5056c3c0068
Parents: bb7544021fa3a51f99633fb2041765f045b7e069
Message:Fix XSS problem in review and issue details (fixes issue 793)

Changes:

File differences

src/IDF/Views/Issue.php
130130
131131
132132
133
133
134134
135135
136136
......
326326
327327
328328
329
329
330330
331331
332332
......
334334
335335
336336
337
337
338338
339339
340340
......
361361
362362
363363
364
364
365365
366366
367367
......
601601
602602
603603
604
604
605605
606606
607607
......
735735
736736
737737
738
738
739739
740740
741741
742
742
743743
744
744
745745
746746
747747
uasort($tagStatistics[$class], function ($a, $b) {
if ($a[0] === $b[0])
return 0;
return ($a[0] > $b[0]) ? -1 : 1;
});
}
public function userIssues($request, $match)
{
$prj = $request->project;
$sql = new Pluf_SQL('login=%s', array($match[2]));
$user = Pluf::factory('Pluf_User')->getOne(array('filter' => $sql->gen()));
if ($user === null) {
array($prj->shortname));
return new Pluf_HTTP_Response_Redirect($url);
}
$otags = $prj->getTagIdsByStatus('open');
$ctags = $prj->getTagIdsByStatus('closed');
if (count($otags) == 0) $otags[] = 0;
$user->first_name,
$user->last_name,
(string) $prj);
// Get stats about the issues
$sql = new Pluf_SQL('project=%s AND submitter=%s AND status IN ('.implode(', ', $otags).')', array($prj->id, $user->id));
$nb_submit = Pluf::factory('IDF_Issue')->getCount(array('filter'=>$sql->gen()));
$url = Pluf_HTTP_URL_urlForView('IDF_Views_Issue::view',
array($prj->shortname, $issue->id));
$title = Pluf_Template::markSafe(sprintf(__('Issue <a href="%1$s">%2$d</a>: %3$s'), $url, $issue->id, $issue->summary));
$title = Pluf_Template::markSafe(sprintf(__('Issue <a href="%1$s">%2$d</a>: %3$s'), $url, $issue->id, Pluf_esc($issue->summary)));
$form = false; // The form is available only if logged in.
$starred = false;
$closed = in_array($issue->status, $prj->getTagIdsByStatus('closed'));
{
$prj = $request->project;
$status = $match[2];
if (mb_strtolower($status) == 'open') {
$url = Pluf_HTTP_URL_urlForView('IDF_Views_Issue::index',
array($prj->shortname));
return new Pluf_HTTP_Response_Redirect($url);
return new Pluf_HTTP_Response_Redirect($url);
}
$title = sprintf(__('%s Closed Issues'), (string) $prj);
// Get stats about the issues
$open = $prj->getIssueCountByStatus('open');
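Review bot: On the new `$title = Pluf_Template::markSafe(sprintf(...))` line of the issue view, only `$issue->summary` is escaped, while `$url` is still interpolated raw into the `href` attribute of a string that is then marked safe as a whole. `$url` is built by `Pluf_HTTP_URL_urlForView()` from the project shortname and the issue id, so it is probably not attacker-controlled, but passing `Pluf_esc($url)` would keep the line correct if the shortname rules ever loosen. Because the escaping is now opt-in per argument, I would also add a comment above the line such as `// markSafe() exempts the whole title from template escaping: escape every argument that can carry user input.` The same two points apply to the matching `$review->summary` line in src/IDF/Views/Review.php. The enclosing functions start and end outside the context shown here.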
src/IDF/Views/Review.php
137137
138138
139139
140
140
141141
142142
143143
$prj->inOr404($review);
$url = Pluf_HTTP_URL_urlForView('IDF_Views_Review::view',
array($prj->shortname, $review->id));
$title = Pluf_Template::markSafe(sprintf(__('Review <a href="%1$s">%2$d</a>: %3$s'), $url, $review->id, $review->summary));
$title = Pluf_Template::markSafe(sprintf(__('Review <a href="%1$s">%2$d</a>: %3$s'), $url, $review->id, Pluf_esc($review->summary)));
$patches = $review->get_patches_list();
$patch = $patches[0];
