From e49f94d02e7a292bf7466750685bee46770e1d3c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marcos=20Garci=CC=81a=20de=20La=20Fuente?=
Date: Sun, 5 Jan 2014 04:52:45 +0100
Subject: [PATCH 1/2] Fixed XSS problem in title tag

---
 htdocs/main.inc.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/htdocs/main.inc.php b/htdocs/main.inc.php
index e8342224c4b..1ec90826662 100644
--- a/htdocs/main.inc.php
+++ b/htdocs/main.inc.php
@@ -968,7 +968,7 @@ function top_htmlhead($head, $title='', $disablejs=0, $disablehead=0, $arrayofjs
 $appli='Dolibarr';
 if (!empty($conf->global->MAIN_APPLICATION_TITLE)) $appli=$conf->global->MAIN_APPLICATION_TITLE;
- if ($title) print ''.$appli.' - '.$title.'';
+ if ($title) print ''.$appli.' - '.htmlentities($title).'';
 else print "".$appli."";
 print "\n";

From e7d2765fc6294ebf8eb7ebe1bbfac06d8edd89d2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marcos=20Garci=CC=81a=20de=20La=20Fuente?=
Date: Sun, 5 Jan 2014 21:08:37 +0100
Subject: [PATCH 2/2] Replaced use of htmlentities with dol_htmlentities

---
 htdocs/main.inc.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/htdocs/main.inc.php b/htdocs/main.inc.php
index 1ec90826662..6ffb94a1bc9 100644
--- a/htdocs/main.inc.php
+++ b/htdocs/main.inc.php
@@ -968,8 +968,8 @@ function top_htmlhead($head, $title='', $disablejs=0, $disablehead=0, $arrayofjs
 $appli='Dolibarr';
 if (!empty($conf->global->MAIN_APPLICATION_TITLE)) $appli=$conf->global->MAIN_APPLICATION_TITLE;
- if ($title) print ''.$appli.' - '.htmlentities($title).'';
- else print "".$appli."";
+ if ($title) print ''.dol_htmlentities($appli.' - '.$title).'';
+ else print "".dol_htmlentities($appli).""; 
 print "\n";
 if (! defined('DISABLE_JQUERY') && ! $disablejs && $conf->use_javascript_ajax)
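Review bot: The two `dol_htmlentities(...)` calls on the new side rely on that helper's default quote flags and charset, neither of which is visible here; for the title element the escaping must at minimum encode `<`, `>` and `&` (so a `</title>` in `$title` cannot close the element and start script), and the charset it passes to the underlying escaper must match the page's output charset, otherwise non-ASCII titles are mangled or, on a charset mismatch, may be mis-decoded by the browser. Please confirm `dol_htmlentities` is a plain wrapper over `htmlentities()`/`htmlspecialchars()` with an explicit charset and `ENT_QUOTES`, and document that expectation at the call site, e.g. `// $title and MAIN_APPLICATION_TITLE are untrusted for this context: encode the whole title text, never print it raw`. Because the whole `$appli.' - '.$title` string is now encoded, any caller that already HTML-encodes the title it passes will get double-encoded entities in the title bar; if the helper exposes a double-encode switch consider passing it off, otherwise audit callers of `top_htmlhead`. The enclosing function `top_htmlhead` begins and ends outside this hunk, so any other place `$title` is emitted (e.g. via `$head`) is not covered by this change.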