Skip to content

Commit

Permalink
Merge branch 'development'
Browse files Browse the repository at this point in the history
  • Loading branch information
nilsteampassnet committed May 17, 2016
2 parents e955e6c + 8a26d9c commit b897c9f
Show file tree
Hide file tree
Showing 5 changed files with 23 additions and 10 deletions.
2 changes: 1 addition & 1 deletion install/install.queries.php
Original file line number Diff line number Diff line change
Expand Up @@ -246,7 +246,7 @@ function chmod_r($dir, $dirPermissions, $filePermissions) {
`email` varchar(100) DEFAULT NULL,
`notification` varchar(250) DEFAULT NULL,
`viewed_no` int(12) NOT null DEFAULT '0',
`complexity_level` varchar(2) NOT null DEFAULT '-1',
`complexity_level` varchar(3) NOT null DEFAULT '-1',
`auto_update_pwd_frequency` tinyint(2) NOT null DEFAULT '0',
`auto_update_pwd_next_date` int(15) DEFAULT NULL,
PRIMARY KEY (`id`),
Expand Down
2 changes: 2 additions & 0 deletions install/upgrade_run_2.1.26.php
Original file line number Diff line number Diff line change
Expand Up @@ -143,5 +143,7 @@ function tableExists($tablename, $database = false)
exit();
}

// alter table Items
mysqli_query($dbTmp, "ALTER TABLE `".$_SESSION['tbl_prefix']."items` MODIFY complexity_level VARCHAR(3)");

echo '[{"finish":"1" , "next":"", "error":""}]';
18 changes: 14 additions & 4 deletions items.load.php
Original file line number Diff line number Diff line change
Expand Up @@ -902,7 +902,7 @@ function(data) {
$("#id_label").text($('#edit_label').val());
//$("#id_pw").text($('#edit_pw1').val());
$("#id_email").html($('#edit_email').val());
$("#id_url").html($('#edit_url').val());
$("#id_url").html($('#edit_url').val().escapeHTML());
$("#id_desc").html(description);
$("#id_login").html($('#edit_item_login').val());
$("#id_restricted_to").html(data.list_of_restricted);
Expand All @@ -916,7 +916,7 @@ function(data) {
$("#hid_label").val($('#edit_label').val());
$("#hid_pw").val($('#edit_pw1').val());
$("#hid_email").val($('#edit_email').val());
$("#hid_url").val($('#edit_url').val());
$("#hid_url").val($('#edit_url').val().escapeHTML());
$("#hid_desc").val(description);
$("#hid_login").val($('#edit_item_login').val());
$("#hid_restricted_to").val(restriction);
Expand Down Expand Up @@ -2124,7 +2124,7 @@ function(data) {
if (data[0].duplicate != "1") {
$("#div_formulaire_saisi ~ .ui-dialog-buttonpane").find("button:contains('<?php echo $LANG['save_button'];?>')").button("enable");
// display title
$("#"+textFieldId).html(itemTitle);
$("#"+textFieldId).html(itemTitle.escapeHTML());
} else {
$("#label").focus();
$("#new_show_error").html("<?php echo $LANG['duplicate_title_in_same_folder'];?>").show();
Expand All @@ -2133,7 +2133,7 @@ function(data) {
);
} else {
// display title
$("#"+textFieldId).html(itemTitle);
$("#"+textFieldId).html(itemTitle.escapeHTML());
}
}
}
Expand Down Expand Up @@ -3858,4 +3858,14 @@ function serverAutoChangePwd()
});
}


// escape HTML characters
String.prototype.escapeHTML = function() {
return this.replace(/&/g, "&amp;")
.replace(/</g, "&lt;")
.replace(/>/g, "&gt;")
.replace(/"/g, "&quot;")
.replace(/'/g, "&#039;");
}

</script>
9 changes: 5 additions & 4 deletions sources/items.queries.php
Original file line number Diff line number Diff line change
Expand Up @@ -384,11 +384,12 @@

if (count($dataReceived) > 0) {
// Prepare variables
$label = htmlspecialchars_decode($dataReceived['label']);
$url = htmlspecialchars_decode($dataReceived['url']);
$label = noHTML(htmlspecialchars_decode($dataReceived['label']));
$url = noHTML(htmlspecialchars_decode($dataReceived['url']));
$pw = $original_pw = $sentPw = htmlspecialchars_decode($dataReceived['pw']);
$login = htmlspecialchars_decode($dataReceived['login']);
$login = noHTML(htmlspecialchars_decode($dataReceived['login']));
$tags = htmlspecialchars_decode($dataReceived['tags']);
$email = noHTML(htmlspecialchars_decode($dataReceived['email']));
// Get all informations for this item
$dataItem = DB::queryfirstrow(
"SELECT *
Expand Down Expand Up @@ -486,7 +487,7 @@
'description' => $dataReceived['description'],
'pw' => $passwd['string'],
'pw_iv' => $passwd['iv'],
'email' => $dataReceived['email'],
'email' => $email,
'login' => $login,
'url' => $url,
'id_tree' => (!isset($dataReceived['categorie']) || $dataReceived['categorie'] == "undefined") ? $dataItem['id_tree'] : $dataReceived['categorie'],
Expand Down
2 changes: 1 addition & 1 deletion sources/main.functions.php
Original file line number Diff line number Diff line change
Expand Up @@ -1312,5 +1312,5 @@ function get_client_ip_server() {
*/
function noHTML($input, $encoding = 'UTF-8')
{
return htmlentities($input, ENT_QUOTES | ENT_HTML5, $encoding);
return htmlspecialchars($input, ENT_QUOTES | ENT_HTML5, $encoding);
}

0 comments on commit b897c9f

Please sign in to comment.