Merge branch 'ent-9861-stored-cross-site-scripting-vulnerability-in-create-event-section' into 'develop'
Fix events view XSS vulnerabilities See merge request artica/pandorafms!5284
commit
0fb90e3383
|
@ -370,7 +370,7 @@ $table->data[5][1] = html_print_select(
|
|||
$table->data[6][0] = '<b>'.__('Free search').'</b>';
|
||||
$table->data[6][1] = html_print_input_text(
|
||||
'search',
|
||||
io_safe_output($search),
|
||||
$search,
|
||||
'',
|
||||
15,
|
||||
255,
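Review bot: Passing `$search` straight into `html_print_input_text(` is only safe while the value is still entity-encoded when it reaches this call, and nothing in the hunk records that assumption. I would add a comment above the argument, for example `// $search stays entity-encoded from input handling; decoding it here reintroduces XSS in the value attribute`. This presumes the helper writes its second argument into the attribute without decoding it, which is not visible here and should be confirmed. The call's argument list continues past the end of the hunk.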
|
||||
|
|
|
@ -1123,13 +1123,13 @@ function events_get_all(
|
|||
$sql_filters[] = sprintf(
|
||||
' AND JSON_VALID(custom_data) = 1
|
||||
AND (JSON_EXTRACT(custom_data, "$.*") LIKE lower("%%%s%%") COLLATE utf8mb4_0900_ai_ci) ',
|
||||
io_safe_output($filter['custom_data'])
|
||||
io_safe_output_html($filter['custom_data'])
|
||||
);
|
||||
} else {
|
||||
$sql_filters[] = sprintf(
|
||||
' AND JSON_VALID(custom_data) = 1
|
||||
AND (JSON_SEARCH(JSON_KEYS(custom_data), "all", lower("%%%s%%") COLLATE utf8mb4_0900_ai_ci) IS NOT NULL) ',
|
||||
io_safe_output($filter['custom_data'])
|
||||
io_safe_output_html($filter['custom_data'])
|
||||
);
|
||||
}
|
||||
} else {
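Review bot: The decoded filter value is still placed inside the double-quoted SQL literal `lower("%%%s%%")` by `sprintf`, in both `$sql_filters[]` assignments, and no SQL escaping is visible in the hunk. Replacing `io_safe_output` with `io_safe_output_html` presumably changes which entities are decoded (the helper is defined elsewhere), but it does not make the string safe for the query context: a `"` or `\` in `$filter['custom_data']` would alter the statement, and `%` and `_` act as LIKE wildcards. Unless the value is escaped earlier in `events_get_all`, which starts and ends outside this hunk, it should be bound as a query parameter or passed through the project's database escaping helper before `sprintf`. A regression test with a quote character in the custom-data filter would pin this down.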
|
||||
|
|
|
@ -2904,11 +2904,11 @@ $(document).ready( function() {
|
|||
$("#text-event_view_hr").on("keyup",function(){
|
||||
hours = $('#text-event_view_hr').val();
|
||||
if (hours == '' || hours == 0 ) {
|
||||
$('#summary_hours').html('<?php echo __('Any'); ?>');
|
||||
$('#summary_hours').text('<?php echo __('Any'); ?>');
|
||||
} else if (hours == 1) {
|
||||
$('#summary_hours').html('<?php echo __('Last hour.'); ?>');
|
||||
$('#summary_hours').text('<?php echo __('Last hour.'); ?>');
|
||||
} else {
|
||||
$('#summary_hours').html(hours + '<?php echo ' '.__('hours.'); ?>');
|
||||
$('#summary_hours').text(hours + '<?php echo ' '.__('hours.'); ?>');
|
||||
}
|
||||
});
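Review bot: The translated strings are still echoed raw into single-quoted JavaScript literals, e.g. `'<?php echo __('Any'); ?>'`, so a translation containing an apostrophe or backslash breaks the script even though `.text()` now keeps the result out of the HTML parser. Encoding for the JavaScript context fixes that: `$('#summary_hours').text(<?php echo json_encode(__('Any')); ?>);`, and likewise `hours + <?php echo json_encode(' '.__('hours.')); ?>` for the last branch. Separately, `hours` is assigned without a declaration inside the handler, which makes it an implicit global; `const hours = $('#text-event_view_hr').val();` would keep it local. The `$(document).ready` block begins and ends outside the hunk.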
|
||||
|
||||
|
|