From 7d9854d3f9c76f4a7398fbd8c63134be246b6825 Mon Sep 17 00:00:00 2001
From: sagar-ttpl <36881504+sagar-ttpl@users.noreply.github.com>
Date: Mon, 3 Sep 2018 17:00:01 +0530
Subject: [PATCH] Bug #105: XSS related bug fixes (#107)
* Bug #105: XSS related bug fixes
* Bug #105: XSS related bug fixes
---
tjreports/administrator/views/tjreports/tmpl/default.php | 4 ++--
tjreports/site/models/reports.php | 2 ++
tjreports/site/views/reports/tmpl/default.php | 2 +-
3 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/tjreports/administrator/views/tjreports/tmpl/default.php b/tjreports/administrator/views/tjreports/tmpl/default.php
index 9965ae8..03a3c46 100644
--- a/tjreports/administrator/views/tjreports/tmpl/default.php
+++ b/tjreports/administrator/views/tjreports/tmpl/default.php
@@ -103,13 +103,13 @@ { ?>
- title; ?>
+ title, ENT_COMPAT, 'UTF-8'); ?> title;
+ echo htmlspecialchars($row->title, ENT_COMPAT, 'UTF-8'); } ?>
diff --git a/tjreports/site/models/reports.php b/tjreports/site/models/reports.php
index 58bcfd4..6a3783d 100755
--- a/tjreports/site/models/reports.php
+++ b/tjreports/site/models/reports.php
@@ -928,6 +928,8 @@ public function getReportLink($reportToLink, $filters) */ public function getDefaultReport($pluginName) {
+ $db = JFactory::getDBO();
+ JTable::addIncludePath(JPATH_ROOT . '/administrator/components/com_tjreports/tables'); $reportTable = JTable::getInstance('Tjreport', 'TjreportsTable', array('dbo', $db)); $reportTable->load(array('plugin' => $pluginName, 'default' => 1));
diff --git a/tjreports/site/views/reports/tmpl/default.php b/tjreports/site/views/reports/tmpl/default.php
index 108caa7..e521b09 100644
--- a/tjreports/site/views/reports/tmpl/default.php
+++ b/tjreports/site/views/reports/tmpl/default.php
@@ -74,7 +74,7 @@ if ($app->isSite() && isset($this->reportData->title)) { ?>
-
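Review bot: Both added `htmlspecialchars($row->title, ENT_COMPAT, 'UTF-8')` calls in the admin list template use `ENT_COMPAT`, which leaves single quotes unescaped. That is enough for element text but not for a single-quoted attribute value, and the surrounding markup is not visible in this hunk, so the output context should be confirmed or the flag changed to `ENT_QUOTES`. Assuming the template runs inside a standard Joomla view, `echo $this->escape($row->title);` would keep escaping in one place and match the framework convention. The same point applies to the `$this->reportData->title` change in tjreports/site/views/reports/tmpl/default.php. Other row fields echoed by this list outside the hunk deserve the same check, since the patch escapes only the title.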
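Review bot: The `$db` added at the top of getDefaultReport() still does not reach the table, because the following context line passes `array('dbo', $db)`, a two-element list rather than a keyed config. As far as I know `JTable::getInstance()` looks the connection up under the `dbo` key, so it falls back to the default database object and the new variable is effectively unused. Either write `array('dbo' => $db)` or drop the variable and the third argument. The added line addresses an undefined variable rather than output escaping, so it would be easier to audit outside a commit titled as an XSS fix. The body of getDefaultReport() continues past the end of the hunk.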

reportData->title?>

+

reportData->title, ENT_COMPAT, 'UTF-8'); ?>