Changeset 586 for trunk/Modules/Translation/TranslationList.php

Timestamp:

Oct 7, 2013, 11:52:11 PM (11 years ago)

Author:

chronos

Message:

• Fixed: SQL injection protection was not applied because of new dynamic URL handling.
• Fixed: HTML entities encodin for search input string.

File:

• trunk/Modules/Translation/TranslationList.php (modified) (2 diffs)

trunk/Modules/Translation/TranslationList.php

@@ -131 +131 @@
                 // Words
                 $Filter['Text'] = GetParameter('text', '', false, true);
-                $Output .= '<td><input name="text" type="text" style="width: 60px;" value="'.$Filter['Text'].'"></td>';
+                $Output .= '<td><input name="text" type="text" style="width: 60px;" value="'.htmlentities($Filter['Text']).'"></td>';
                 if($Filter['Text'] != '')
                 {
@@ -144 +144 @@
                 // Entry
                 $Filter['Entry'] = GetParameter('entry', '', false, true);
-                $Output .= '<td><input name="entry" type="text" style="width: 60px;" value="'.$Filter['Entry'].'"></td>';
+                $Output .= '<td><input name="entry" type="text" style="width: 60px;" value="'.htmlentities($Filter['Entry']).'"></td>';
                 if($Filter['Entry'] != '')
                 {