Revision 240


branches/extplorer2/admin.extplorer.php
39 39
**/
40 40

  
41 41
// The eXtplorer version number
42
$GLOBALS['ext_version'] = '2.1.5';
42
$GLOBALS['ext_version'] = '2.1.6';
43 43
$GLOBALS['ext_home'] = 'http://extplorer.net';
44 44

  
45 45
//------------------------------------------------------------------------------
branches/extplorer2/scripts/application.js.php
3 3
if( !defined( '_JEXEC' ) && !defined( '_VALID_MOS' ) ) die( 'Restricted access' );
4 4
/**
5 5
 * @package eXtplorer
6
 * @copyright soeren 2007-2013
6
 * @copyright soeren 2007-2014
7 7
 * @author The eXtplorer project (http://extplorer.net)
8 8
 * @license
9 9
 * @version $Id$
......
87 87
    // pluggable renders
88 88
    function renderFileName(value,p, record){
89 89
        var t = new Ext.Template("<img src=\"{0}\" alt=\"* \" align=\"absmiddle\" />&nbsp;<b>{1}</b>");
90
        return t.apply([record.get('icon'), value] );
90
        return t.apply([record.get('icon'), value.replace(/[\u00A0-\u9999<>\&]/gim, function(i) {    return '&#'+i.charCodeAt(0)+';';})] );
91 91
    }
92 92
    function renderType(value){
93 93
        var t = new Ext.Template("<i>{0}</i>");
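Review bot: In renderFileName only `value` is encoded; `record.get('icon')` still goes into the `src=\"{0}\"` attribute unchanged, and the character class `[\u00A0-\u9999<>\&]` does not cover `"` or `'`, so the same replacement would not be safe if it were reused for an attribute value. The `i` and `m` flags have no effect on this pattern, and `value.replace` will throw if the store ever hands over a non-string. ExtJS already ships `Ext.util.Format.htmlEncode`, so `return t.apply([Ext.util.Format.htmlEncode(record.get('icon')), Ext.util.Format.htmlEncode(value)]);` would cover both fields; whether `icon` can carry user-controlled path components is not visible here. renderType directly below still inserts `value` into `<i>{0}</i>` unencoded, and its body continues outside the hunk.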
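--- a/branches/extplorer2/CHANGELOG.txt
+++ b/branches/extplorer2/CHANGELOG.txt
@@ -2,6 +2,12 @@
 Changelog for eXtplorer
 Version $Id$
 ****************************
+
+--- version 2.1.7 ---
+- fixed SWFUpload against XSS vulnerabilities
+- fixed XSS vulnerability in file list
+
+
 --- version 2.1.6 ---
 - fixed https usage for ports other than 443
 - fixed XSS issue related to PHP_SELF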
branches/extplorer2/include/edit.php
182 182
	"labelWidth": "300",
183 183
	"autoScroll": "true", 
184 184
	"url":"<?php echo basename( $GLOBALS['script_name']) ?>",
185
	"title": "<?php echo strlen($s_item) > 50 ? substr( $s_item, strlen($s_item)-30, 30 ) : $s_item; ?>",
185
	"title": "<?php echo strlen($s_item) > 50 ? substr( htmlentities($s_item,ENT_QUOTES), strlen($s_item)-30, 30 ) : htmlentities($s_item,ENT_QUOTES); ?>",
186 186
	"frame": "true",
187 187
	"closable": "true",
188 188
	"tbar": [{
......
254 254
	}],	
255 255
	"items": [{
256 256
		"xtype": "displayfield",
257
		"value": "<?php echo $GLOBALS["messages"]["actedit"].": $s_item" ?>"
257
		"value": "<?php echo $GLOBALS["messages"]["actedit"].': '.htmlentities($s_item,ENT_QUOTES) ?>"
258 258
		},
259 259
		{
260 260
		"xtype": "textarea",
......
283 283
			"xtype": "textfield",
284 284
			"fieldLabel": "<?php echo ext_Lang::msg('copyfile', true ) ?>",
285 285
			"name": "fname",
286
			"value": "<?php echo $item ?>",
286
			"value": "<?php echo addslashes($item) ?>",
287 287
			"clear": "true"
288 288
			}
289 289
<?php if ($langs == "japanese"){ ?>
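Review bot: The new `title` line calls `substr()` on the already-encoded string but computes the offset from the raw `strlen($s_item)`, so a name with encodable characters can be cut mid-entity and no longer shows the last 30 characters; truncate first and encode afterwards, e.g. `htmlentities(substr($s_item, -30), ENT_QUOTES)`. All three changed values are echoed inside a double-quoted string of what looks like a JS/JSON config object, and each hunk handles only one of the two contexts: `htmlentities` leaves backslashes and line breaks untouched, while `addslashes($item)` on the `fname` value leaves `<`, `>` and line breaks untouched. Emitting the whole literal with `json_encode(...)` (and dropping the surrounding quotes), with HTML-encoding applied first where the field is rendered as markup, would cover both; whether `fname` is ever rendered as markup is not visible here. `htmlentities` is also called without a charset argument, so its result depends on the PHP version's default encoding.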
