Remove escaping exception for form field values
- This could allow code injection from a malicious query leading to a form page - Thanks to Laura Pîrcălăboiu for the report
This commit is contained in:
parent
13cb8bb395
commit
6f9e15ea57
7 changed files with 9 additions and 16 deletions
|
@ -1,4 +1,3 @@
|
|||
|
||||
<div class='field combobox'>
|
||||
<label for='id_{{$field.0}}' id='id_{{$field.0}}_label'>{{$field.1}}</label>
|
||||
{{* html5 don't work on Chrome, Safari and IE9
|
||||
|
@ -6,13 +5,13 @@
|
|||
<datalist id="data_{{$field.0}}">
|
||||
{{foreach $field.4 as $opt=>$val}}<option value="{{$val}}">{{/foreach}}
|
||||
</datalist> *}}
|
||||
|
||||
<input id="id_{{$field.0}}" type="text" value="{{$field.2 nofilter}}" aria-describedby='{{$field.0}}_tip'>
|
||||
|
||||
<input id="id_{{$field.0}}" type="text" value="{{$field.2}}" aria-describedby='{{$field.0}}_tip'>
|
||||
<select id="select_{{$field.0}}" onChange="$('#id_{{$field.0}}').val($(this).val())">
|
||||
<option value="">{{$field.5}}</option>
|
||||
{{foreach $field.4 as $opt=>$val}}<option value="{{$val}}">{{$val}}</option>{{/foreach}}
|
||||
</select>
|
||||
|
||||
|
||||
{{if $field.3}}
|
||||
<span class="field_help" role="tooltip" id="{{$field.0}}_tip">{{$field.3 nofilter}}</span>
|
||||
{{/if}}
|
||||
|
|
|
@ -1,7 +1,6 @@
|
|||
|
||||
<div class='field input openid' id='wrapper_{{$field.0}}'>
|
||||
<label for='id_{{$field.0}}'>{{$field.1}}</label>
|
||||
<input name='{{$field.0}}' id='id_{{$field.0}}' type="text" value="{{$field.2 nofilter}}" {{if $field.4}} readonly="readonly" {{/if}} aria-describedby='{{$field.0}}_tip'>
|
||||
<input name='{{$field.0}}' id='id_{{$field.0}}' type="text" value="{{$field.2}}" {{if $field.4}} readonly="readonly" {{/if}} aria-describedby='{{$field.0}}_tip'>
|
||||
{{if $field.3}}
|
||||
<span class="field_help" role="tooltip" id="{{$field.0}}_tip">{{$field.3 nofilter}}</span>
|
||||
{{/if}}
|
||||
|
|
|
@ -1,7 +1,6 @@
|
|||
|
||||
<div class="field password" id="wrapper_{{$field.0}}">
|
||||
<label for="id_{{$field.0}}">{{$field.1}}{{if $field.4}} <span class="required" title="{{$field.4}}">*</span>{{/if}}</label>
|
||||
<input type="password" name="{{$field.0}}" id="id_{{$field.0}}" value="{{$field.2 nofilter}}"{{if $field.4}} required{{/if}}{{if $field.5 eq "autofocus"}} autofocus{{elseif $field.5}} {{$field.5}}{{/if}}{{if $field.6}} pattern="(($field.6}}"{{/if}} aria-describedby="{{$field.0}}_tip">
|
||||
<input type="password" name="{{$field.0}}" id="id_{{$field.0}}" value="{{$field.2}}"{{if $field.4}} required{{/if}}{{if $field.5 eq "autofocus"}} autofocus{{elseif $field.5}} {{$field.5}}{{/if}}{{if $field.6}} pattern="(($field.6}}"{{/if}} aria-describedby="{{$field.0}}_tip">
|
||||
{{if $field.3}}
|
||||
<span class="field_help" role="tooltip" id="{{$field.0}}_tip">{{$field.3 nofilter}}</span>
|
||||
{{/if}}
|
||||
|
|
|
@ -1,9 +1,8 @@
|
|||
|
||||
<div class="form-group field input color">
|
||||
<label for="id_{{$field.0}}" id="label_{{$field.0}}">{{$field.1}}{{if $field.4}} <span class="required" title="{{$field.4}}">*</span>{{/if}}</label>
|
||||
<div class="input-group" id="{{$field.0}}">
|
||||
<span class="input-group-addon"><i></i></span>
|
||||
<input class="form-control color" name="{{$field.0}}" id="id_{{$field.0}}" type="text" value="{{$field.2 nofilter}}"{{if $field.4}} required{{/if}} aria-describedby="{{$field.0}}_tip">
|
||||
<input class="form-control color" name="{{$field.0}}" id="id_{{$field.0}}" type="text" value="{{$field.2}}"{{if $field.4}} required{{/if}} aria-describedby="{{$field.0}}_tip">
|
||||
</div>
|
||||
{{if $field.3}}
|
||||
<span class="help-block" id="{{$field.0}}_tip" role="tooltip">{{$field.3 nofilter}}</span>
|
||||
|
|
|
@ -1,8 +1,7 @@
|
|||
|
||||
<div class="form-group field input file">
|
||||
<label for="id_{{$field.0}}" id="label_{{$field.0}}">{{$field.1}}{{if $field.4}} <span class="required" title="{{$field.4}}">*</span>{{/if}}</label>
|
||||
<div class="input-group" id="{{$field.0}}">
|
||||
<input class="form-control file" name="{{$field.0}}" id="id_{{$field.0}}" type="text" value="{{$field.2 nofilter}}"{{if $field.4}} required{{/if}} aria-describedby="{{$field.0}}_tip">
|
||||
<input class="form-control file" name="{{$field.0}}" id="id_{{$field.0}}" type="text" value="{{$field.2}}"{{if $field.4}} required{{/if}} aria-describedby="{{$field.0}}_tip">
|
||||
<span class="input-group-addon image-select"><i class="fa fa-picture-o"></i></span>
|
||||
</div>
|
||||
{{if $field.3}}
|
||||
|
|
|
@ -1,7 +1,6 @@
|
|||
|
||||
<div id="id_{{$field.0}}_wrapper" class="form-group field input openid">
|
||||
<label for="id_{{$field.0}}" id="label_{{$field.0}}">{{$field.1}}</label>
|
||||
<input class="form-control" name="{{$field.0}}" id="id_{{$field.0}}" type="text" value="{{$field.2 nofilter}}" {{if $field.4}} readonly="readonly" {{/if}} aria-describedby="{{$field.0}}_tip">
|
||||
<input class="form-control" name="{{$field.0}}" id="id_{{$field.0}}" type="text" value="{{$field.2}}" {{if $field.4}} readonly="readonly" {{/if}} aria-describedby="{{$field.0}}_tip">
|
||||
{{if $field.3}}
|
||||
<span class="help-block" id="{{$field.0}}_tip" role="tooltip">{{$field.3 nofilter}}</span>
|
||||
{{/if}}
|
||||
|
|
|
@ -1,7 +1,6 @@
|
|||
|
||||
<div id="id_{{$field.0}}_wrapper" class="form-group field input password">
|
||||
<label for="id_{{$field.0}}" id="label_{{$field.0}}">{{$field.1}}{{if $field.4}} <span class="required" title="{{$field.4}}">*</span>{{/if}}</label>
|
||||
<input class="form-control" name="{{$field.0}}" id="id_{{$field.0}}" type="password" value="{{$field.2 nofilter}}" {{if $field.4}} required{{/if}}{{if $field.5 eq "autofocus"}} autofocus{{elseif $field.5}} {{$field.5}}{{/if}}{{if $field.6}} pattern="{{$field.6}}"{{/if}} aria-describedby="{{$field.0}}_tip">
|
||||
<input class="form-control" name="{{$field.0}}" id="id_{{$field.0}}" type="password" value="{{$field.2}}" {{if $field.4}} required{{/if}}{{if $field.5 eq "autofocus"}} autofocus{{elseif $field.5}} {{$field.5}}{{/if}}{{if $field.6}} pattern="{{$field.6}}"{{/if}} aria-describedby="{{$field.0}}_tip">
|
||||
{{if $field.3}}
|
||||
<span class="help-block" id="{{$field.0}}_tip" role="tooltip">{{$field.3 nofilter}}</span>
|
||||
{{/if}}
|
||||
|
|
Loading…
Reference in a new issue