[Rt-commit] [svn] r1728 - in rt: . branches/3.3-TESTING/html/Elements/CollectionAsTable branches/3.3-TESTING/html/Elements/RT__Ticket

autrijus at pallas.eruditorum.org
Sun Nov 7 09:29:52 EST 2004


Author: autrijus
Date: Sun Nov  7 09:29:51 2004
New Revision: 1728

Modified:
   rt/   (props changed)
   rt/branches/3.3-TESTING/html/Elements/CollectionAsTable/Row
   rt/branches/3.3-TESTING/html/Elements/RT__Ticket/ColumnMap
Log:
 r10256 at not:  autrijus | 2004-11-06T10:35:22.448152Z
 * Escape ColumnMap return values properly to prevent cross-site scripting
   attacks.  All HTML snippets are now returned as scalar references.
 


Modified: rt/branches/3.3-TESTING/html/Elements/CollectionAsTable/Row
==============================================================================
--- rt/branches/3.3-TESTING/html/Elements/CollectionAsTable/Row	(original)
+++ rt/branches/3.3-TESTING/html/Elements/CollectionAsTable/Row	Sun Nov  7 09:29:51 2004
@@ -54,9 +54,16 @@
             my $value = $m->comp('/Elements/RT__Ticket/ColumnMap', Name => $col, Attr => 'value');
 
             if ( $value && ref($value)) {
-                $m->out( &{ $value } ( $record, $i ) );
+		# All HTML snippets are returned by the callback function
+		# as scalar references.  Data fetched from the objects are
+		# plain scalars, and needs to be escaped properly.
+		$m->out( 
+		    map { ref($_) ? $$_ : $m->interp->apply_escapes( $_ => 'h' ) }
+		    &{ $value } ( $record, $i )
+	        );
             } else {
-                $m->out($value );
+		# Simple value; just escape it.
+                $m->out( $m->interp->apply_escapes( $value => 'h' ) );
             }
         }
         else {
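Review bot: the `ref($_) ? $$_ : $m->interp->apply_escapes( $_ => 'h' )` test in the new map treats any reference as a scalar reference to trusted HTML, so a ColumnMap callback that returns an arrayref, hashref or object makes `$$_` die with "Not a SCALAR reference" at render time rather than escaping or rejecting the value; tighten it to `ref($_) eq 'SCALAR' ? $$_ : ...` and escape or croak on anything else. The outer `if ( $value && ref($value))` guard has the same shape and still hands any reference to `&{ $value }`, so `ref($value) eq 'CODE'` would be the matching fix. Two style points in the same hunk: the added lines are tab-indented while the surrounding block uses spaces, and the `$m->out( ` line carries trailing whitespace. Finally, this change makes a plain scalar containing markup render as literal text, so every ColumnMap entry that builds HTML must now return a reference; the ColumnMap hunk is not included in this message, so that cannot be checked here.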

Modified: rt/branches/3.3-TESTING/html/Elements/RT__Ticket/ColumnMap
==============================================================================

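The convention this commit introduces, a scalar reference marking pre-escaped HTML and a plain scalar marking data that the caller must escape, reduced to stand-alone Perl so it runs without HTML::Mason. This is an added example, not RT's code: `escape_html` stands in for `$m->interp->apply_escapes( $_ => 'h' )`, `%column_map` and the `SubjectLink` callback are hypothetical, and the ticket record is constructed. It also shows the unpatched behaviour for contrast and uses an explicit `eq 'SCALAR'` test rather than the patch's bare `ref($_)`.

```perl
#!/usr/bin/perl
# Added example (not RT code): the "scalar reference means trusted HTML"
# convention from r1728, in plain Perl without HTML::Mason.
use strict;
use warnings;

# Stand-in for $m->interp->apply_escapes($text => 'h').
sub escape_html {
    my ($text) = @_;
    $text = '' unless defined $text;
    my %ent = ('&' => '&amp;', '<' => '&lt;', '>' => '&gt;',
               '"' => '&quot;', "'" => '&#39;');
    $text =~ s/([&<>"'])/$ent{$1}/g;
    return $text;
}

# Hypothetical column map in the shape of RT's ColumnMap 'value' callbacks.
# A callback returns a list: plain scalars are data the caller escapes,
# scalar references are HTML the callback has already made safe.
my %column_map = (
    id      => sub { my ($rec) = @_; return $rec->{id} },
    # Data straight from the object: returned as a plain scalar.
    Subject => sub { my ($rec) = @_; return $rec->{Subject} },
    # HTML snippet: escape what is interpolated, then mark the whole
    # string as trusted by returning a reference to it.
    SubjectLink => sub {
        my ($rec) = @_;
        my $html = sprintf('<a href="Ticket/Display.html?id=%d">%s</a>',
                           $rec->{id}, escape_html($rec->{Subject}));
        return \$html;
    },
);

# Unpatched Row behaviour: whatever the callback returns goes out raw.
sub render_cell_unpatched {
    my ($col, $record, $row_index) = @_;
    my $value = $column_map{$col};
    return join('', map { ref($_) eq 'SCALAR' ? $$_ : $_ }
                        $value->($record, $row_index));
}

# Patched Row behaviour, with the reference test narrowed to 'SCALAR'
# so an arrayref or object is escaped instead of dereferenced with $$_.
sub render_cell {
    my ($col, $record, $row_index) = @_;
    my $value = $column_map{$col};
    my @out;
    if ($value && ref($value) eq 'CODE') {
        @out = map { ref($_) eq 'SCALAR' ? $$_ : escape_html($_) }
               $value->($record, $row_index);
    } else {
        # Static value from the map: just escape it.
        @out = (escape_html($value));
    }
    return join('', @out);
}

# Constructed record with a hostile subject.
my $ticket = { id => 42, Subject => q{<script>alert("xss")</script> & more} };

for my $col (qw(id Subject SubjectLink)) {
    print "unpatched $col: ", render_cell_unpatched($col, $ticket, 0), "\n";
    print "patched   $col: ", render_cell($col, $ticket, 0), "\n";
}
```

For the `Subject` column the unpatched renderer emits the `<script>` tag verbatim, while the patched one emits `&lt;script&gt;...`; for `SubjectLink` both emit the anchor intact, because the callback escaped the subject itself before returning the reference. The point of the convention is that the trust decision is made once, by the code that builds the markup, and the renderer never has to guess whether a string is data or HTML.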
