From: Hypolite Petovan
Date: Wed, 2 Aug 2023 14:29:50 +0000 (+0200)
Subject: Remove escaping exception for form field values
X-Git-Url: https://git.mxchange.org/?a=commitdiff_plain;h=6f9e15ea578e1ab73c0328c928444c0169f961bc;p=friendica.git
Remove escaping exception for form field values
- This could allow code injection from a malicious query leading to a form page
- Thanks to Laura Pîrcălăboiu for the report
---
diff --git a/view/templates/field_combobox.tpl b/view/templates/field_combobox.tpl
index 3e6e06052f..b62bf2dbac 100644
--- a/view/templates/field_combobox.tpl
+++ b/view/templates/field_combobox.tpl
@@ -1,4 +1,3 @@
-
{{* html5 don't work on Chrome, Safari and IE9
@@ -6,13 +5,13 @@ {{foreach $field.4 as $opt=>$val}} *}} - - + + - + {{if $field.3}} {{$field.3 nofilter}} {{/if}}
diff --git a/view/templates/field_openid.tpl b/view/templates/field_openid.tpl
index 3c7d02bb8e..033a1f8e50 100644
--- a/view/templates/field_openid.tpl
+++ b/view/templates/field_openid.tpl
@@ -1,7 +1,6 @@
-
- + {{if $field.3}} {{$field.3 nofilter}} {{/if}}
diff --git a/view/templates/field_password.tpl b/view/templates/field_password.tpl
index 07241fb11b..57149fe52d 100644
--- a/view/templates/field_password.tpl
+++ b/view/templates/field_password.tpl
@@ -1,7 +1,6 @@
-
- + {{if $field.3}} {{$field.3 nofilter}} {{/if}}
diff --git a/view/theme/frio/templates/field_colorinput.tpl b/view/theme/frio/templates/field_colorinput.tpl
index 2c530a2e46..f812ff234b 100644
--- a/view/theme/frio/templates/field_colorinput.tpl
+++ b/view/theme/frio/templates/field_colorinput.tpl
@@ -1,9 +1,8 @@
-
- +
{{if $field.3}} {{$field.3 nofilter}}
diff --git a/view/theme/frio/templates/field_fileinput.tpl b/view/theme/frio/templates/field_fileinput.tpl
index dd6825f2ee..96ae45596e 100644
--- a/view/theme/frio/templates/field_fileinput.tpl
+++ b/view/theme/frio/templates/field_fileinput.tpl
@@ -1,8 +1,7 @@
-
- +
{{if $field.3}}
diff --git a/view/theme/frio/templates/field_openid.tpl b/view/theme/frio/templates/field_openid.tpl
index bae9cb4fc4..c36dbfabca 100644
--- a/view/theme/frio/templates/field_openid.tpl
+++ b/view/theme/frio/templates/field_openid.tpl
@@ -1,7 +1,6 @@
-
- + {{if $field.3}} {{$field.3 nofilter}} {{/if}}
diff --git a/view/theme/frio/templates/field_password.tpl b/view/theme/frio/templates/field_password.tpl
index 25a7d0c4ce..0fb27ca88f 100644
--- a/view/theme/frio/templates/field_password.tpl
+++ b/view/theme/frio/templates/field_password.tpl
@@ -1,7 +1,6 @@
-
- + {{if $field.3}} {{$field.3 nofilter}} {{/if}}
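Review bot: The help text is still emitted unescaped in the unchanged context line `{{$field.3 nofilter}}` of this hunk, and the same line appears in the field_combobox, both field_openid, the other field_password and the frio field_colorinput hunks. Going by the subject, the commit closes the escaping exception for the field value only, so any caller that builds `$field.3` from request data would leave the same injection path open; whether one does is not visible from these templates. If the slot is meant to carry markup, I would record that contract next to it with `{{* $field.3 is trusted HTML: callers must escape request-derived text before passing it *}}`, and otherwise drop the modifier so the line reads `{{$field.3}}`.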