
#1041 Protect against some XSS injections

git-svn-id: http://svn.code.sf.net/p/itop/code/trunk@3479 a333f486-631f-4898-b8df-5754b55c2be0
dflaven 10 年之前
9fccf5e0c2

+ 1 - 1
application/cmdbabstract.class.inc.php

@@ -1522,7 +1522,7 @@ abstract class cmdbAbstractObject extends CMDBObject implements iDisplay
 		{
 			if (is_scalar($sValue))
 			{
-				$sHtml .= "<input type=\"hidden\" name=\"$sName\" value=\"$sValue\" />\n";
+				$sHtml .= "<input type=\"hidden\" name=\"$sName\" value=\"".htmlentities($sValue, ENT_QUOTES, 'UTF-8')."\" />\n";
 			}
 		}
 		$sHtml .= "<input type=\"hidden\" name=\"class\" value=\"$sClassName\" />\n";
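Review bot: The added line escapes `$sValue` but leaves `$sName` interpolated raw into the `name` attribute of the same element, and the next hidden input still emits `$sClassName` unescaped; if those come from attribute codes and class names of the data model they are presumably safe, but the line now mixes escaped and unescaped interpolation, which is what lets the next injection slip through a code review. The same asymmetry exists in the ui.extkeywidget.class.inc.php hunk, where `$this->iId`, `$sAttrFieldPrefix` and `$sFieldName` stay raw in the `id` and `name` attributes next to the newly escaped `$value`. For consistency I would write `name=\"".htmlentities($sName, ENT_QUOTES, 'UTF-8')."\"` and do the same for `$sClassName`. The non-scalar branch silently drops the parameter, which is pre-existing but worth a one-line comment such as `// non-scalar values are not carried over as hidden inputs`. The enclosing method starts and ends outside the hunk.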

+ 1 - 1
application/portalwebpage.class.inc.php

@@ -826,7 +826,7 @@ EOF
 		}
 
 		$sStepHistory = implode(',', $aPreviousSteps);
-		$this->add("<input type=\"hidden\" id=\"step_history\" name=\"step_history\" value=\"$sStepHistory\">");
+		$this->add("<input type=\"hidden\" id=\"step_history\" name=\"step_history\" value=\"".htmlentities($sStepHistory, ENT_QUOTES, 'UTF-8')."\">");
 
 		if (!is_null($sNextStep))
 		{		
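Review bot: The expression `htmlentities($x, ENT_QUOTES, 'UTF-8')` is now copied verbatim into three files by this commit (here, cmdbabstract.class.inc.php and ui.extkeywidget.class.inc.php), with the escaping function and charset repeated at every call site; a single helper, for example a `static function HtmlAttr($sValue)` on a shared utility class, would make the intended output context explicit and make missed call sites easier to spot. In an attribute-value context `htmlspecialchars($x, ENT_QUOTES, 'UTF-8')` is sufficient and is the conventional choice; `htmlentities` also converts every character with a named entity, which is harmless here but obscures the intent. The value written here is `$sStepHistory`, built by imploding `$aPreviousSteps`; whether those step names originate from the request is not visible in the hunk, so the reader side that splits them back on ',' should be checked separately. The enclosing method continues outside the hunk.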

+ 1 - 1
application/ui.extkeywidget.class.inc.php

@@ -259,7 +259,7 @@ EOF
 			$sHTMLValue .= "<img id=\"mini_search_{$this->iId}\" style=\"border:0;vertical-align:middle;cursor:pointer;\" src=\"../images/mini_search.gif\" onClick=\"oACWidget_{$this->iId}.Search();\"/>&nbsp;";
 	
 			// another hidden input to store & pass the object's Id
-			$sHTMLValue .= "<input type=\"hidden\" id=\"$this->iId\" name=\"{$sAttrFieldPrefix}{$sFieldName}\" value=\"$value\" />\n";
+			$sHTMLValue .= "<input type=\"hidden\" id=\"$this->iId\" name=\"{$sAttrFieldPrefix}{$sFieldName}\" value=\"".htmlentities($value, ENT_QUOTES, 'UTF-8')."\" />\n";
 
 			$JSSearchMode = $this->bSearchMode ? 'true' : 'false';	
 			// Scripts to start the autocomplete and bind some events to it

+ 2 - 1
readme.txt

@@ -1,4 +1,4 @@
-iTop - version 2.1.0 - 16-Dec-2014
+iTop - version 2.1.0 - 18-Dec-2014
 Readme file
 
 1.   ABOUT THIS RELEASE
@@ -284,6 +284,7 @@ Prevent the JS validation (on focus) to create multiple entries for the same fie
 #1037 Refresh "priority" when either "impact" or "urgency" changes.
 #1038 Duplicate column name (service name) when importing service subcategories
 #1040 The graphical display of "impact/depends on" is not consistent with the "list" tab
+#1041 Protect against XSS injections
 
 
 Extending the data model