[LON-CAPA-cvs] cvs: loncom /interface lonsupportreq.pm
raeburn
raeburn at source.lon-capa.org
Fri Jan 4 12:46:01 EST 2013
raeburn Fri Jan 4 17:46:01 2013 EDT
Modified files:
/loncom/interface lonsupportreq.pm
Log:
- Additional entity conversions for CC field (authenticated users only)
to guard against XSS
Index: loncom/interface/lonsupportreq.pm
diff -u loncom/interface/lonsupportreq.pm:1.70 loncom/interface/lonsupportreq.pm:1.71
--- loncom/interface/lonsupportreq.pm:1.70 Fri Jan 4 16:57:38 2013
+++ loncom/interface/lonsupportreq.pm Fri Jan 4 17:46:00 2013
@@ -1,5 +1,5 @@
#
-# $Id: lonsupportreq.pm,v 1.70 2013/01/04 16:57:38 raeburn Exp $
+# $Id: lonsupportreq.pm,v 1.71 2013/01/04 17:46:00 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -677,10 +677,11 @@
$okcclist = join(', ', at ok_ccs);
}
if (@bad_ccs == 1) {
- $badccmsg .= '<br />'.&mt('The following Cc e-mail address is invalid: ').$bad_ccs[0];
+ if ($bad_ccs[0] ne '') {
+ $badccmsg .= '<br />'.&mt('The following Cc e-mail address is invalid: ').&cleanup_html($bad_ccs[0]);
+ }
} elsif (@bad_ccs > 1) {
- my $bad_cc_string = join(', ', at bad_ccs);
- $badccmsg .= '<br />'.&mt('The following Cc e-mail addresses are invalid: ').$bad_cc_string;
+ $badccmsg .= '<br />'.&mt('The following Cc e-mail addresses are invalid: '). &cleanup_html(join(', ', at bad_ccs));
}
}
$env{'form.user'} = "'".$env{'form.uname'}.':'.$env{'form.udom'}."'";
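Review bot: The empty-string guard added on the single-address branch (`if ($bad_ccs[0] ne '')`) has no counterpart on the multi-address branch, so a list that contains a blank entry will be echoed as `a, , b` instead of being skipped; filtering once before branching, `my @show_bad = grep { $_ ne '' } @bad_ccs;`, and then testing `@show_bad` in both conditions keeps the two paths consistent. Wrapping the joined string in cleanup_html is the right shape for this text-node context (it follows `<br />`, not an attribute), provided cleanup_html entity-encodes at least `<`, `>` and `&`; its definition is not in the hunk, so that should be confirmed rather than assumed. Note that `$okcclist` built on the first line of the hunk is still raw here, so it must be escaped wherever it is later interpolated into HTML. The enclosing function starts and ends outside this hunk.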
@@ -716,9 +717,12 @@
'<span class="LC_helpform_receipt_cat">'.
"$lt{$item}</span>: $showurl<br />\n";
} elsif ($item eq 'cc') {
- $displaymsg .=
- '<span class="LC_helpform_receipt_cat">'.
- "$lt{$item}</span>: $okcclist<br />\n";
+ if ($okcclist) {
+ my $showcclist = &cleanup_html($okcclist);
+ $displaymsg .=
+ '<span class="LC_helpform_receipt_cat">'.
+ "$lt{$item}</span>: $showcclist<br />\n";
+ }
} else {
my $showitem = $env{'form.'.$item};
$showitem = &cleanup_html($showitem);
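Review bot: The reason the Cc list now goes through cleanup_html is not stated at the point of use, and the next maintainer could easily collapse `my $showcclist = &cleanup_html($okcclist);` back to a direct interpolation of `$okcclist`; a one-line comment above it, `# Cc addresses are user-supplied; entity-encode before echoing into the receipt HTML`, would make the intent explicit. The truthiness test `if ($okcclist)` is adequate for an address list (it can never be the string "0"), but `$okcclist` is declared outside this hunk, and if it can be undef the guard is also what avoids an uninitialized-value warning, which is worth saying in the same comment. The enclosing if/elsif chain and its function continue outside the hunk.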