[interchange] Fix XSS in error tag display of failed submissions
Josh Lavin
interchange-cvs at icdevgroup.org
Thu Jul 25 16:26:54 UTC 2013
commit bea662dbb16afad9c683774f10c0046abc1735f9
Author: Josh Lavin <josh at perusion.com>
Date: Thu Jul 25 09:26:22 2013 -0700
Fix XSS in error tag display of failed submissions
code/SystemTag/error.coretag | 3 +++
1 files changed, 3 insertions(+), 0 deletions(-)
---
diff --git a/code/SystemTag/error.coretag b/code/SystemTag/error.coretag
index 0cae2b3..e88dc1d 100644
--- a/code/SystemTag/error.coretag
+++ b/code/SystemTag/error.coretag
@@ -43,6 +43,9 @@ sub tag_error {
}
return set_error($error, $var, $opt);
}
+ unless(defined $opt->{filter}) {
+ $opt->{filter} = 'encode_entities';
+ }
my $err_ref = $Vend::Session->{errors};
my $text;
my @errors;
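Review bot: The new default before `my $err_ref` only takes effect when `$opt->{filter}` is undefined, so a template that passes its own `filter=` (including an empty one) replaces `encode_entities` instead of adding to it, and its error text is presumably still emitted unencoded. If that opt-out is intended, say so at the assignment, for example `# Default only: an explicit filter= replaces this, so it must include encode_entities itself when the error text can contain user input`. If it is not intended, the encoding should be applied regardless of the caller's filter. The code that applies the filter, and the rest of `tag_error`, is outside this hunk, so existing templates that set a filter on the error tag are worth auditing separately.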