gnh1201/seeddms-code
1
0
Fork 0
mirror of https://git.code.sf.net/p/seeddms/code synced 2024-11-26 15:32:13 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

add fix for CVE-2019-12932, escape strings output by incr. search

Browse Source
This commit is contained in:
Uwe Steinmann 2019-06-24 11:53:01 +02:00
parent 66d2dcce8e
commit 414f00c5c9
1 changed files with 5 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
styles/bootstrap/application.js
View File

@ -90,11 +90,11 @@ $(document).ready( function() {
},
highlighter : function (item) {
if(item.charAt(0) == 'D')
return '<i class="icon-file"></i> ' + item.substring(1);
return '<i class="icon-file"></i> ' + item.substring(1).replace(/</g, '&lt;');
else if(item.charAt(0) == 'F')
return '<i class="icon-folder-close-alt"></i> ' + item.substring(1);
return '<i class="icon-folder-close-alt"></i> ' + item.substring(1).replace(/</g, '&lt;');
else
return '<i class="icon-search"></i> ' + item.substring(1);
return '<i class="icon-search"></i> ' + item.substring(1).replace(/</g, '&lt;');
}
}); /* }}} */
@ -122,7 +122,7 @@ $(document).ready( function() {
},
highlighter : function (item) {
strarr = item.split("#");
return '<i class="icon-file"></i> ' + strarr[1];
return '<i class="icon-file"></i> ' + strarr[1].replace(/</g, '&lt;');
}
}); /* }}} */
@ -151,7 +151,7 @@ $(document).ready( function() {
},
highlighter : function (item) {
strarr = item.split("#");
return '<i class="icon-folder-close-alt"></i> ' + strarr[1];
return '<i class="icon-folder-close-alt"></i> ' + strarr[1].replace(/</g, '&lt;');
}
}); /* }}} */