Commit aac632aa authored by Carsten Schmitz's avatar Carsten Schmitz

Fixed issue: [Security] Possible XSS in Resume later function (found and...

Fixed issue: [Security] Possible XSS in Resume later function (found and reported by Robin Peraglie from RIPS Technologies www.ripstech.com )
parent 2c8887ee
......@@ -148,6 +148,11 @@ class Save {
$errormsg .= gT("This name has already been used for this survey. You must use a unique save name.")."<br />\n";
return;
}
elseif (!empty($_POST['saveemail']) && !validateEmailAddress($_POST['saveemail'])) // Check if the email address is valid
{
$errormsg .= gT("This is not a valid email address. Please provide a valid email address or leave it empty.")."<br />\n";
return;
}
else
{
//INSERT BLANK RECORD INTO "survey_x" if one doesn't already exist
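Review bot: The new `elseif` only validates `saveemail` for submissions made after this change; rows that were stored earlier with a malformed address are never re-checked, so the output-side escaping in the template is the control that actually closes the XSS and this branch is input hygiene on top of it. A comment above the branch would make that intent clear, e.g. `// Reject malformed addresses early; stored values are still escaped on output`, and the trailing `// Check if the email address is valid` reads better on its own line above the `elseif`. The enclosing method of `Save` starts and ends outside the hunk.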
......@@ -31,14 +31,15 @@
</td>
<td><?php echo $oResult->identifier; ?></td>
<td><?php echo $oResult->ip; ?></td>
<td><?php echo $oResult->saved_date; ?></td>
<td><a href='mailto: <?php echo $oResult->email; ?>'> <?php echo $oResult->email; ?></td>
<td><?php echo htmlspecialchars($oResult->identifier); ?></td>
<td><?php echo $oResult->ip; ?></td>
<td><?php echo $oResult->saved_date; ?></td>
<td><?php echo CHtml::link(htmlspecialchars($oResult->email),'mailto:'.htmlspecialchars($oResult->email)); ?></td>
</tr>
<?php } ?>
</tbody>
</table>
<br />&nbsp;
</p>
\ No newline at end of file
</tr>
<?php } ?>
</tbody>
</table>
<br />&nbsp;
</p>
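Review bot: On the new side `$oResult->ip` and `$oResult->saved_date` are still echoed unescaped while the neighbouring `identifier` and `email` cells now go through `htmlspecialchars`; escaping every cell of the row is the consistent rule regardless of where the value came from, e.g. `<td><?php echo htmlspecialchars($oResult->ip); ?></td>` and `<td><?php echo htmlspecialchars($oResult->saved_date); ?></td>`. If I read Yii's `CHtml::link` right, it encodes the `href` attribute itself when rendering, so passing `'mailto:'.htmlspecialchars($oResult->email)` as the URL double-encodes characters such as `&`; passing the raw address as the URL while keeping the link text escaped is worth confirming against the framework version in use. The template loop that emits these rows begins outside the hunk.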