authorBenjamin Kellermann <Benjamin.Kellermann@gmx.de>2013-08-19 08:25:33 +0200
committerBenjamin Kellermann <Benjamin.Kellermann@gmx.de>2013-08-19 08:25:33 +0200
commitfe5ff8340292958c247cf7e3f1ad8330c88de33a (patch)
tree25d6183684d0f63eebb5a702467f03e0f2a64823 /poll.rb
parent6cd3ca6c265e2d55be6d0906cdae8d178e9e222d (diff)
Bugfix XSS (thanks to Sipke Mellema)
Diffstat (limited to 'poll.rb')
-rw-r--r--poll.rb15
1 files changed, 8 insertions, 7 deletions
diff --git a/poll.rb b/poll.rb
index 269fcb5..8a9be6a 100644
--- a/poll.rb
+++ b/poll.rb
@@ -178,7 +178,7 @@ class Poll
end
def invite_to_html
- edituser = $cgi["edituser"] unless $cgi.include?("deleteuser")
+ edituser = CGI.escapeHTML($cgi["edituser"]) unless $cgi.include?("deleteuser")
invitestr = _("Invite")
namestr = _("Name")
ret = <<HEAD
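Review bot: Escaping `$cgi["edituser"]` at the point it is read, rather than where it is interpolated into HTML, makes `edituser` carry presentation encoding into any later use as data; the same pattern in the second hunk then does `@data.include?(edituser)` on the escaped string, so a participant whose name contains `&`, `<`, `>` or a quote no longer matches their own entry, and passes the escaped value to `save_input`, which may encode it again. The safer shape is to keep the raw value here, `edituser = $cgi["edituser"] unless $cgi.include?("deleteuser")`, and escape at each output site, `#{CGI.escapeHTML(edituser)}`, leaving lookups and helper calls on the raw name. Note also that `CGI.escapeHTML` on older Ruby releases did not escape `'`, so interpolating the result into single-quoted attributes such as `value='#{edituser}'` in the second hunk may still be breakable — confirm against the deployed Ruby version. The rest of `invite_to_html`, including the `HEAD` heredoc that consumes `edituser`, lies outside this hunk.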
@@ -248,24 +248,25 @@ END
end
def deleteuser_to_html
+ edituser = CGI.escapeHTML($cgi["edituser"])
ret = "<tr id='add_participant'>\n"
- ret += "<td colspan='2' class='name'>#{$cgi["edituser"]}</td>"
+ ret += "<td colspan='2' class='name'>#{edituser}</td>"
ret += "<td colspan='#{@head.col_size}'>"
- ret += _("Do you really want to delete user %{user}?") % {:user => $cgi["edituser"]}
- ret += "<input type='hidden' name='delete_participant_confirm' value='#{$cgi["edituser"]}' />"
+ ret += _("Do you really want to delete user %{user}?") % {:user => edituser}
+ ret += "<input type='hidden' name='delete_participant_confirm' value='#{edituser}' />"
ret += "</td>"
- ret += save_input($cgi["edituser"], "", _("Confirm"))
+ ret += save_input(edituser, "", _("Confirm"))
ret += "</tr>"
ret
end
def edituser_to_html
- edituser = $cgi["edituser"]
+ edituser = CGI.escapeHTML($cgi["edituser"])
checked = {}
if @data.include?(edituser)
@head.columns.each{|k| checked[k] = @data[edituser][k]}
else
- edituser = $cgi.cookies["username"][0] unless @data.include?($cgi.cookies["username"][0])
+ edituser = CGI.escapeHTML($cgi.cookies["username"][0]) unless @data.include?($cgi.cookies["username"][0])
@head.columns.each{|k| checked[k] = NOVAL}
end