http://www.atutor.ca/atutor/mantis/view.php?id=2749
authorjoel kronenberg <joel.kronenberg@utoronto.ca>
Fri, 8 Sep 2006 14:52:31 +0000 (14:52 -0000)
committerjoel kronenberg <joel.kronenberg@utoronto.ca>
Fri, 8 Sep 2006 14:52:31 +0000 (14:52 -0000)
docs/file_storage/comments.php
docs/file_storage/edit.php
docs/file_storage/edit_folder.php
docs/file_storage/index.php
docs/include/lib/file_storage.inc.php

index 358d56f..20137f3 100644 (file)
@@ -131,7 +131,7 @@ if (!$files) {
        <div class="row">\r
                <h3><?php echo $current_file['file_name']; ?> <small> - <?php echo _AT('revision'); ?> <?php echo $current_file['num_revisions']; ?></small></h3>\r
                <span style="font-size: small"><?php echo get_display_name($current_file['member_id']); ?> - <?php echo AT_date(_AT('filemanager_date_format'), $current_file['date'], AT_DATE_MYSQL_DATETIME); ?></span>\r
-               <p><?php echo nl2br($current_file['comments']); ?></p>\r
+               <p><?php echo htmlspecialchars(nl2br($current_file['description'])); ?></p>\r
        </div>\r
 </div>\r
 \r
@@ -157,7 +157,7 @@ if ($row = mysql_fetch_assoc($result)): ?>
                        <?php else: ?>\r
                                <div class="row">\r
                                        <h4><?php echo get_display_name($row['member_id']); ?> - <?php echo AT_date(_AT('filemanager_date_format'), $row['date'], AT_DATE_MYSQL_DATETIME); ?></h4>\r
-                                       <p><?php echo nl2br($row['comment']); ?></p>\r
+                                       <p><?php echo htmlspecialchars(nl2br($row['comment'])); ?></p>\r
                                                <?php if ($row['member_id'] == $_SESSION['member_id']): ?>\r
                                                        <div style="text-align:right; font-size: smaller">\r
                                                                <a href="file_storage/comments.php<?php echo $owner_arg_prefix.'id='.$id.SEP.'comment_id='.$row['comment_id']; ?>#c<?php echo $row['comment_id']; ?>"><?php echo _AT('edit'); ?></a> | <a href="file_storage/delete_comment.php<?php echo $owner_arg_prefix . 'file_id='.$id.SEP; ?>id=<?php echo $row['comment_id']; ?>"><?php echo _AT('delete'); ?></a>\r
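Review bot: In the `+` line of the first hunk, `htmlspecialchars(nl2br($current_file['description']))` escapes the `<br />` tags that `nl2br` has just inserted, so every line break in the description will render as literal `&lt;br /&gt;` text; the calls need to nest the other way round, `<p><?php echo nl2br(htmlspecialchars($current_file['description'])); ?></p>`. The second hunk has the same inversion on `$row['comment']` and should read `<p><?php echo nl2br(htmlspecialchars($row['comment'])); ?></p>`. The first hunk also switches the column read from `comments` to `description`; that rename is not visible elsewhere in this commit, so it is worth confirming that the query which builds `$current_file` actually selects `description`, otherwise the paragraph will silently print nothing.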
index 768b251..8f8c349 100644 (file)
@@ -146,7 +146,7 @@ $file_path = fs_get_file_path($id);
 <div class="input-form">\r
        <div class="row">\r
                <div class="required" title="<?php echo _AT('required_field'); ?>">*</div><label for="name"><?php echo _AT('file_name'); ?></label><br />\r
-               <input type="text" name="name" id="name" value="<?php echo $row['file_name']; ?>" size="40" maxlength="70" />\r
+               <input type="text" name="name" id="name" value="<?php echo htmlspecialchars($row['file_name']); ?>" size="40" maxlength="70" />\r
        </div>\r
 \r
        <div class="row">\r
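Review bot: The escaped value in the `+` line is emitted inside a double-quoted `value` attribute, so the default `ENT_COMPAT` flag does cover the quote that matters here, but the call relies on the defaults for both quote style and charset. Making them explicit, `value="<?php echo htmlspecialchars($row['file_name'], ENT_QUOTES, 'UTF-8'); ?>"`, keeps the escaping correct if the attribute is ever switched to single quotes and ties it to the page charset (substitute the application's actual charset if it is not UTF-8). The same applies to the `title` input changed in edit_folder.php.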
index 7e8d5da..c1d6344 100644 (file)
@@ -73,7 +73,7 @@ if (!$row = mysql_fetch_assoc($result)) {
 <div class="input-form">\r
        <div class="row">\r
                <div class="required" title="<?php echo _AT('required_field'); ?>">*</div><label for="name"><?php echo _AT('name'); ?></label><br />\r
-               <input type="text" name="name" id="name" value="<?php echo $row['title']; ?>" size="40" maxlength="70" />\r
+               <input type="text" name="name" id="name" value="<?php echo htmlspecialchars($row['title']); ?>" size="40" maxlength="70" />\r
        </div>\r
 \r
        <div class="row buttons">\r
index 146b2ce..c4229bf 100644 (file)
@@ -211,7 +211,7 @@ else if (query_bit($owner_status, WORKSPACE_AUTH_WRITE) && isset($_GET['delete']
                $sql = "SELECT file_name FROM ".TABLE_PREFIX."files WHERE file_id IN ($files) AND owner_type=$owner_type AND owner_id=$owner_id ORDER BY file_name";
                $result = mysql_query($sql, $db);
                while ($row = mysql_fetch_assoc($result)) {
-                       $file_list_to_print .= '<li style="list-style: none; margin: 0px; padding: 0px 10px;"><img src="images/file_types/'.fs_get_file_type_icon($row['file_name']).'.gif" height="16" width="16" alt="" title="" /> '.$row['file_name'].'</li>';
+                       $file_list_to_print .= '<li style="list-style: none; margin: 0px; padding: 0px 10px;"><img src="images/file_types/'.fs_get_file_type_icon($row['file_name']).'.gif" height="16" width="16" alt="" title="" /> '.htmlspecialchars($row['file_name']).'</li>';
                }
                $msg->addConfirm(array('FILE_DELETE', $file_list_to_print), $hidden_vars);
        }
@@ -222,7 +222,7 @@ else if (query_bit($owner_status, WORKSPACE_AUTH_WRITE) && isset($_GET['delete']
                $hidden_vars['folders'] = $folders;
                $rows = fs_get_folder_by_id($_GET['folders'], $owner_type, $owner_id);
                foreach ($rows as $row) {
-                       $dir_list_to_print .= '<li style="list-style: none; margin: 0px; padding: 0px 10px;"><img src="images/folder.gif" height="18" width="20" alt="" title="" /> '.$row['title'].'</li>';
+                       $dir_list_to_print .= '<li style="list-style: none; margin: 0px; padding: 0px 10px;"><img src="images/folder.gif" height="18" width="20" alt="" title="" /> '.htmlspecialchars($row['title']).'</li>';
                }
                $msg->addConfirm(array('DIR_DELETE', $dir_list_to_print), $hidden_vars);
        }
@@ -506,10 +506,10 @@ if (authenticate(AT_PRIV_ASSIGNMENTS, AT_PRIV_RETURN)) {
                        <a href="<?php echo $_SERVER['PHP_SELF'].$owner_arg_prefix; ?>folder=0"><?php echo _AT('home'); ?></a>
                <?php foreach ($folder_path as $folder_info): ?>
                        <?php if ($folder_info['folder_id'] == $folder_id): ?>
-                               » <?php echo $folder_info['title']; ?>
+                               » <?php echo htmlspecialchars($folder_info['title']); ?>
                                <?php $parent_folder_id = $folder_info['parent_folder_id']; ?>
                        <?php else: ?>
-                               » <a href="<?php echo $_SERVER['PHP_SELF'].$owner_arg_prefix; ?>folder=<?php echo $folder_info['folder_id']; ?>"><?php echo $folder_info['title']; ?></a>
+                               » <a href="<?php echo $_SERVER['PHP_SELF'].$owner_arg_prefix; ?>folder=<?php echo $folder_info['folder_id']; ?>"><?php echo htmlspecialchars($folder_info['title']); ?></a>
                        <?php endif; ?>
                <?php endforeach; ?>
        </td>
@@ -551,7 +551,7 @@ if (authenticate(AT_PRIV_ASSIGNMENTS, AT_PRIV_RETURN)) {
        <?php foreach ($folders as $folder_info): ?>
                <tr onmousedown="document.form['f<?php echo $folder_info['folder_id']; ?>'].checked = !document.form['f<?php echo $folder_info['folder_id']; ?>'].checked; rowselectbox(this, document.form['f<?php echo $folder_info['folder_id']; ?>'].checked, 'checkbuttons(false)');" id="r_<?php echo $folder_info['folder_id']; ?>_1">
                        <td width="10"><input type="checkbox" name="folders[]" value="<?php echo $folder_info['folder_id']; ?>" id="f<?php echo $folder_info['folder_id']; ?>" onmouseup="this.checked=!this.checked" /></td>
-                       <td><img src="images/folder.gif" height="18" width="20" alt="" /> <a href="<?php echo $_SERVER['PHP_SELF'].$owner_arg_prefix; ?>folder=<?php echo $folder_info['folder_id']; ?>"><?php echo $folder_info['title']; ?></a></td>
+                       <td><img src="images/folder.gif" height="18" width="20" alt="" /> <a href="<?php echo $_SERVER['PHP_SELF'].$owner_arg_prefix; ?>folder=<?php echo $folder_info['folder_id']; ?>"><?php echo htmlspecialchars($folder_info['title']); ?></a></td>
                        <td>&nbsp;</td>
                        <td>&nbsp;</td>
                        <td>&nbsp;</td>
@@ -563,9 +563,9 @@ if (authenticate(AT_PRIV_ASSIGNMENTS, AT_PRIV_RETURN)) {
                <tr onmousedown="document.form['r<?php echo $file_info['file_id']; ?>'].checked = !document.form['r<?php echo $file_info['file_id']; ?>'].checked; rowselectbox(this, document.form['r<?php echo $file_info['file_id']; ?>'].checked, 'checkbuttons(false)');" id="r_<?php echo $file_info['file_id']; ?>_0">
                        <td valign="top" width="10"><input type="checkbox" name="files[]" value="<?php echo $file_info['file_id']; ?>" id="r<?php echo $file_info['file_id']; ?>" onmouseup="this.checked=!this.checked" /></td>
                        <td valign="top">
-                               <img src="images/file_types/<?php echo fs_get_file_type_icon($file_info['file_name']); ?>.gif" height="16" width="16" alt="" title="" /> <?php echo $file_info['file_name']; ?>
+                               <img src="images/file_types/<?php echo fs_get_file_type_icon($file_info['file_name']); ?>.gif" height="16" width="16" alt="" title="" /> <?php echo htmlspecialchars($file_info['file_name']); ?>
                                <?php if ($file_info['description']): ?>
-                                       <p class="fm-desc"><?php echo $file_info['description']; ?></p>
+                                       <p class="fm-desc"><?php echo htmlspecialchars($file_info['description']); ?></p>
                                <?php endif; ?>
                        </td>
                        <td valign="top"><?php echo get_display_name($file_info['member_id']); ?></td>
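Review bot: On the `+` line at the top of the last hunk, and likewise in the first hunk's `$file_list_to_print` line, the file name is now escaped but the value returned by `fs_get_file_type_icon($file_info['file_name'])` is still written raw into the `src` attribute of the same tag. If that helper maps the extension to a fixed icon name this is harmless, but if it can echo back part of the user-supplied name it is an attribute-injection point that this commit leaves open; wrapping it as well, `<?php echo htmlspecialchars(fs_get_file_type_icon($file_info['file_name'])); ?>`, removes the dependency on the helper's behaviour at no cost. Note also that `description` is escaped plainly here but run through `nl2br` in comments.php, so multi-line descriptions will render differently on the two pages. All hunks in this section sit inside output that begins before the first hunk, so the enclosing control flow is not visible here.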
index 4df58b8..153eff1 100644 (file)
@@ -221,7 +221,7 @@ function fs_print_folders($current_folder_id, $parent_folder_id, &$folders, $dis
                if ($disable) {\r
                        echo ' disabled="disabled"';\r
                }\r
-               echo '/><label for="f'.$folder_id.'">'.$folder_info['title'];\r
+               echo '/><label for="f'.$folder_id.'">'.htmlspecialchars($folder_info['title']);\r
                if ($folder_id == $current_folder_id) {\r
                        echo ' '._AT('current_location');\r
                }\r