Revision: 2003
http://mrbs.svn.sourceforge.net/mrbs/?rev=2003&view=rev
Author: cimorrison
Date: 2011-09-23 13:55:33 +0000 (Fri, 23 Sep 2011)
Log Message:
-----------
Removed HTML escaping of room column names because they are trusted and some of
them deliberately contain HTML entities (eg )
Modified Paths:
--------------
mrbs/branches/datatables/web/admin.php
Modified: mrbs/branches/datatables/web/admin.php
===================================================================
--- mrbs/branches/datatables/web/admin.php 2011-09-23 13:47:12 UTC (rev
2002)
+++ mrbs/branches/datatables/web/admin.php 2011-09-23 13:55:33 UTC (rev
2003)
@@ -287,7 +287,9 @@
$text = get_loc_field_name($tbl_room, $field['name']);
break;
}
- echo "<th><div>" . htmlspecialchars($text) . "</div></th>\n";
+ // We don't use htmlspecialchars() here because the column names
are
+ // trusted and some of them may deliberately contain HTML entities
(eg )
+ echo "<th><div>$text</div></th>\n";
}
}
echo "</tr>\n";
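Review bot: The new `echo "<th><div>$text</div></th>\n";` line writes `$text` into the header cell with no output encoding, so the safety of this row now rests entirely on the "trusted" claim in the comment. The hunk shows only one source for the value, `get_loc_field_name($tbl_room, $field['name'])`, and the other switch branches that assign `$text` are not visible here. If any of those values can come from a database column name or a translation string that someone other than the developer can edit, markup in it would be rendered in the admin page. To keep deliberately placed entities working without dropping escaping, consider keeping `htmlspecialchars()` and passing false as its fourth (`double_encode`) argument: existing entities then pass through unchanged while `<`, `>` and quotes are still escaped. If raw markup really is required, the comment should state where each `$text` value originates so the trust assumption can be checked later.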
_______________________________________________
Mrbs-commits mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/mrbs-commits