diff --git a/checkin_notes b/checkin_notes
index c0987ddba2..1bd610c15d 100644
--- a/checkin_notes
+++ b/checkin_notes
@@ -4154,3 +4154,13 @@ David May 19 2008
scheduler_op.C
languages/translations/
en.po
+
+David May 20 2008
+ - web: fix for cross-site scripting vulnerability
+ (from Nicolas Alvarez)
+
+ html/
+ inc/
+ team.inc
+ user/
+ team_search.php
diff --git a/html/inc/team.inc b/html/inc/team.inc
index 97f15662ce..5f67b8e482 100644
--- a/html/inc/team.inc
+++ b/html/inc/team.inc
@@ -16,9 +16,10 @@ function team_search_form($params) {
";
start_table();
row2("Search criteria (use one or more) ", "");
- row2("Key wordsFind teams with these words in their names or descriptions ", " keywords\">");
+ row2('Key wordsFind teams with these words in their names or descriptions ',
+ ' ');
row2_init("Country", "");
- echo "--- ";
+ echo '--- ';
$country = $params->country;
if (!$country || $country == 'None') $country = "XXX";
print_country_select($country);
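Review bot: The keyword input on L28-L29 is now assembled by concatenation instead of interpolation, which is behaviour-neutral on its own; the XSS fix only holds if the concatenated `$params->keywords` goes through `htmlspecialchars()` before it lands in the value attribute, and since the markup is stripped in this rendering that call cannot be confirmed here. A one-line comment would keep the intent from being lost in a later edit: `// keywords is echoed back from the request; HTML-escape it before placing it in the attribute`. The same applies to the `$country` value handed to print_country_select on L35 if that helper does not escape. team_search_form starts before this hunk.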
@@ -26,7 +27,7 @@ function team_search_form($params) {
row2("Type of team", team_type_select($params->type, true));
$checked = $params->active?"checked":"";
row2("Show only active teams", " ");
- row2("", " ");
+ row2("", ' ');
end_table();
echo "
@@ -39,15 +40,15 @@ function foundership_transfer_link($user, $team) {
if ($team->userid == $user->id) {
return "None";
} else {
- return "Initiate request ";
+ return 'Initiate request ';
}
}
if ($team->ping_user == $user->id) {
if (transfer_ok($team, now)) {
- return "Requested by you, and founder response deadline has passed. Complete foundership transfer .";
+ return 'Requested by you, and founder response deadline has passed. Complete foundership transfer .';
} else {
$deadline = date_str(transfer_ok_time($team));
- return "Requested by you ; founder response deadline is $deadline";
+ return 'Requested by you ; founder response deadline is '.$deadline;
}
}
return "Deferred ";
@@ -89,7 +90,7 @@ function display_team_page($team, $user) {
if ($user->teamid != $team->id) {
$tokens = url_tokens($user->authenticator);
row2("",
- "Join this team
+ "Join this team
Note: if 'OK to email' is set in your project preferences, joining a team gives its founder access to your email address. "
);
}
@@ -135,9 +136,9 @@ function display_team_page($team, $user) {
}
}
row2("New members in last day", $x);
- row2("Total members", "$team->nusers (id&offset=0&sort_by=expavg_credit>view )");
- row2("Active members", "$team->nusers_active (id&offset=0&sort_by=expavg_credit>view )");
- row2("Members with credit", "$team->nusers_worked (id&offset=0&sort_by=total_credit>view )");
+ row2("Total members", "$team->nusers (id&offset=0&sort_by=expavg_credit>view )");
+ row2("Active members", "$team->nusers_active (id&offset=0&sort_by=expavg_credit>view )");
+ row2("Members with credit", "$team->nusers_worked (id&offset=0&sort_by=total_credit>view )");
end_table();
}
@@ -172,12 +173,12 @@ function display_team_members($team, $offset, $sort_by) {
if ($sort_by == "total_credit") {
echo "Total credit ";
} else {
- echo "id&sort_by=total_credit&offset=$offset>Total credit ";
+ echo "id&sort_by=total_credit&offset=$offset>Total credit ";
}
if ($sort_by == "expavg_credit") {
echo "Recent average credit ";
} else {
- echo "id&sort_by=expavg_credit&offset=$offset>Recent average credit ";
+ echo "id&sort_by=expavg_credit&offset=$offset>Recent average credit ";
}
}
}
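Review bot: `$offset` on L89/L95, and `$sort_by`/`$new_offset` in the next hunk (L103, L108), are still interpolated verbatim into the href text; the markup is stripped in this rendering so the exact quoting change is not visible, but whatever it is, it is only a partial fix if those parameters originate from the request. Since the function already compares `$sort_by` against its two accepted literals, normalising both parameters at the top of display_team_members closes this regardless of caller: `$offset = (int)$offset;` and `$sort_by = ($sort_by == "total_credit") ? "total_credit" : "expavg_credit";`. The start of display_team_members lies outside the hunk, so that is where the two lines would go.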
@@ -222,11 +223,11 @@ function display_team_members($team, $offset, $sort_by) {
if ($offset > 0) {
$new_offset = $offset - $n;
- echo "id&sort_by=$sort_by&offset=$new_offset>Last $n | ";
+ echo "id&sort_by=$sort_by&offset=$new_offset>Last $n | ";
}
if ($j == $offset + $n + 1) {
$new_offset = $offset + $n;
- echo "id&sort_by=$sort_by&offset=$new_offset>Next $n ";
+ echo "id&sort_by=$sort_by&offset=$new_offset>Next $n ";
}
}
diff --git a/html/user/team_search.php b/html/user/team_search.php
index f0fbc75b15..e472e41c73 100644
--- a/html/user/team_search.php
+++ b/html/user/team_search.php
@@ -130,7 +130,11 @@ function search($params) {
$user = get_logged_in_user(false);
if (isset($_GET['submit'])) {
$params = null;
- $params->keywords = $_GET['keywords'];
+ if(get_magic_quotes_gpc()) {
+ $params->keywords = stripslashes($_GET['keywords']);
+ } else {
+ $params->keywords = $_GET['keywords'];
+ }
$params->country = $_GET['country'];
$params->type = $_GET['type'];
$params->active = get_str('active', true);
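Review bot: The magic-quotes handling added on L120-L124 covers only `keywords`; `country` and `type` on L125-L126 are still taken raw from `$_GET`, so with magic_quotes_gpc enabled they keep their backslashes while keywords does not. `$params = null;` followed by the property assignments on L121/L123 relies on PHP auto-creating an object from null (a notice then, an error on later versions); `$params = new StdClass;` is the explicit form. get_magic_quotes_gpc() was later deprecated (PHP 7.4) and removed (8.0), so a function_exists guard keeps this from failing on newer runtimes. stripslashes() only undoes magic quotes and is not output encoding — the escaping in team.inc is what addresses the XSS. The enclosing block continues past the hunk.
```php
$params = new StdClass;
$strip = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();
foreach (array('keywords', 'country', 'type') as $field) {
    $value = isset($_GET[$field]) ? $_GET[$field] : '';
    $params->$field = $strip ? stripslashes($value) : $value;
}
// … unchanged: $params->active = get_str('active', true); …
```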