You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@oodt.apache.org by ah...@apache.org on 2011/12/13 00:46:25 UTC
svn commit: r1213500 -
/oodt/trunk/balance/lib/pear/Core/ApplicationRequest.class.php
Author: ahart
Date: Mon Dec 12 23:46:24 2011
New Revision: 1213500
URL: http://svn.apache.org/viewvc?rev=1213500&view=rev
Log:
resolve OODT-364: patch XSS hole via call to htmlentities()
Modified:
oodt/trunk/balance/lib/pear/Core/ApplicationRequest.class.php
Modified: oodt/trunk/balance/lib/pear/Core/ApplicationRequest.class.php
URL: http://svn.apache.org/viewvc/oodt/trunk/balance/lib/pear/Core/ApplicationRequest.class.php?rev=1213500&r1=1213499&r2=1213500&view=diff
==============================================================================
--- oodt/trunk/balance/lib/pear/Core/ApplicationRequest.class.php (original)
+++ oodt/trunk/balance/lib/pear/Core/ApplicationRequest.class.php Mon Dec 12 23:46:24 2011
@@ -59,7 +59,7 @@ class Org_Apache_Oodt_Balance_Core_Appli
$this->config = $config;
// Store the uri as provided
- $this->uri = $requestURI;
+ $this->uri = htmlentities($requestURI);
// Initialize the segments and view path
$this->segments = array();