You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@oodt.apache.org by ah...@apache.org on 2011/12/13 00:46:25 UTC

svn commit: r1213500 - /oodt/trunk/balance/lib/pear/Core/ApplicationRequest.class.php

Author: ahart
Date: Mon Dec 12 23:46:24 2011
New Revision: 1213500

URL: http://svn.apache.org/viewvc?rev=1213500&view=rev
Log:
resolve OODT-364: patch XSS hole via call to htmlentities()

Modified:
    oodt/trunk/balance/lib/pear/Core/ApplicationRequest.class.php

Modified: oodt/trunk/balance/lib/pear/Core/ApplicationRequest.class.php
URL: http://svn.apache.org/viewvc/oodt/trunk/balance/lib/pear/Core/ApplicationRequest.class.php?rev=1213500&r1=1213499&r2=1213500&view=diff
==============================================================================
--- oodt/trunk/balance/lib/pear/Core/ApplicationRequest.class.php (original)
+++ oodt/trunk/balance/lib/pear/Core/ApplicationRequest.class.php Mon Dec 12 23:46:24 2011
@@ -59,7 +59,7 @@ class Org_Apache_Oodt_Balance_Core_Appli
 		$this->config = $config;
 		
 		// Store the uri as provided
-		$this->uri = $requestURI;
+		$this->uri = htmlentities($requestURI);
 		
 		// Initialize the segments and view path
 		$this->segments = array();