testbot: Always escape GetPageTitle() and GetTitle() before putting them in an HTML page.
Francois Gouget
fgouget at codeweavers.com
Wed Aug 6 18:20:58 CDT 2014
---
This should fix the issue reported by Sebastian Lackner concerning, for
instance, job 8265.
testbot/lib/ObjectModel/CGI/CollectionPage.pm | 2 +-
testbot/lib/ObjectModel/CGI/FormPage.pm | 2 +-
testbot/lib/ObjectModel/CGI/ItemPage.pm | 13 ++-----------
testbot/lib/ObjectModel/CGI/Page.pm | 22 ++++++++++++++++++++++
4 files changed, 26 insertions(+), 13 deletions(-)
diff --git a/testbot/lib/ObjectModel/CGI/CollectionPage.pm b/testbot/lib/ObjectModel/CGI/CollectionPage.pm
index e0714bf..1652190 100644
--- a/testbot/lib/ObjectModel/CGI/CollectionPage.pm
+++ b/testbot/lib/ObjectModel/CGI/CollectionPage.pm
@@ -65,7 +65,7 @@ sub GenerateTitle($)
my $Title = $self->GetTitle();
if ($Title)
{
- print "<h1>$Title</h1>\n";
+ print "<h1>", $self->escapeHTML($Title), "</h1>\n";
}
}
diff --git a/testbot/lib/ObjectModel/CGI/FormPage.pm b/testbot/lib/ObjectModel/CGI/FormPage.pm
index 740b97e..197cdb9 100644
--- a/testbot/lib/ObjectModel/CGI/FormPage.pm
+++ b/testbot/lib/ObjectModel/CGI/FormPage.pm
@@ -87,7 +87,7 @@ sub GenerateTitle($)
my $Title = $self->GetTitle();
if ($Title)
{
- print "<h1>$Title</h1>\n";
+ print "<h1>", $self->CGI->escapeHTML($Title), "</h1>\n";
}
}
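Review bot: The escaping call in FormPage.pm's GenerateTitle() is `$self->CGI->escapeHTML($Title)`, while the same change in CollectionPage.pm and the line removed from ItemPage.pm both use `$self->escapeHTML($Title)`. Nothing in this patch shows a `CGI` accessor on the page object, so it is worth confirming that one exists; if it does not, this call would presumably die at render time instead of printing the title. Unless FormPage has a reason to differ, I would use the same form in both files: `print "<h1>", $self->escapeHTML($Title), "</h1>\n";`. GenerateTitle() starts above the hunk.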
diff --git a/testbot/lib/ObjectModel/CGI/ItemPage.pm b/testbot/lib/ObjectModel/CGI/ItemPage.pm
index f434dd3..7c6b361 100644
--- a/testbot/lib/ObjectModel/CGI/ItemPage.pm
+++ b/testbot/lib/ObjectModel/CGI/ItemPage.pm
@@ -92,17 +92,8 @@ sub GetTitle($)
{
my ($self) = @_;
- my $Title;
- if ($self->GetParam("Key"))
- {
- $Title = $self->GetParam("Key");
- }
- else
- {
- $Title = "Add " . $self->{Collection}->GetItemName();
- }
-
- return $self->escapeHTML($Title);
+ return $self->GetParam("Key") ? $self->GetParam("Key") :
+ "Add " . $self->{Collection}->GetItemName();
}
sub DisplayProperty($$)
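Review bot: ItemPage's GetTitle() now returns the `Key` request parameter unescaped, so its safety depends on every caller escaping at output. The patch covers the two GenerateTitle() methods, but any other place that prints GetTitle() is not visible here and should be checked. Conversely, a GetTitle() override elsewhere that still escapes its return value would now be double-escaped by GenerateTitle(). I would add a comment above the return, `# Unescaped: may hold the Key request parameter, callers must escapeHTML() it`. The ternary can also avoid the second GetParam call: `return $self->GetParam("Key") || "Add " . $self->{Collection}->GetItemName();`.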
diff --git a/testbot/lib/ObjectModel/CGI/Page.pm b/testbot/lib/ObjectModel/CGI/Page.pm
index 7946603..2abe066 100644
--- a/testbot/lib/ObjectModel/CGI/Page.pm
+++ b/testbot/lib/ObjectModel/CGI/Page.pm
@@ -113,6 +113,17 @@ sub SetCookies($)
$self->{PageBase}->SetCookies($self);
}
+=pod
+=over 12
+
+=head1 C<GetPageTitle()>
+
+This returns the page title as put in the HTML header.
+Note that this may not be valid HTML and thus need escaping.
+
+=back
+=cut
+
sub GetPageTitle($)
{
my ($self) = @_;
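Review bot: The new POD for GetPageTitle(), and the matching block for GetTitle() in the next hunk, says the value "may not be valid HTML", which understates the contract. After this patch the value is plain text that can carry request-derived data and must be escaped exactly once where it is written out. Suggested wording: `This returns the page title as plain, unescaped text. Callers must pass it through escapeHTML() before putting it in an HTML page.` The subject also promises that GetPageTitle() is escaped, but it only delegates to `$self->{PageBase}->GetPageTitle($self)`. No hunk here touches the code that writes the result into the HTML header, so that call site should be confirmed.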
@@ -120,6 +131,17 @@ sub GetPageTitle($)
return $self->{PageBase}->GetPageTitle($self);
}
+=pod
+=over 12
+
+=head1 C<GetTitle()>
+
+This returns the title for the current web page or email section.
+Note that this may not be valid HTML and thus need escaping.
+
+=back
+=cut
+
sub GetTitle($)
{
#my ($self) = @_;
--
2.0.1