head 1.2; access; symbols pkgsrc-2013Q2:1.2.0.4 pkgsrc-2013Q2-base:1.2 pkgsrc-2012Q4:1.2.0.2 pkgsrc-2012Q4-base:1.2 pkgsrc-2012Q1:1.1.0.2 pkgsrc-2012Q1-base:1.1; locks; strict; comment @# @; 1.2 date 2012.06.16.12.27.59; author taca; state dead; branches; next 1.1; 1.1 date 2012.03.14.16.35.29; author taca; state Exp; branches; next ; desc @@ 1.2 log @Remove contao210 for now. Use Contao 2.11, please. @ text @$NetBSD: patch-system_drivers_DC__Table.php,v 1.1 2012/03/14 16:35:29 taca Exp $ * Fix potential XSS vulnerability as Contao 2.11.2.
--- system/drivers/DC_Table.php.orig 2011-12-30 09:00:10.000000000 +0000
+++ system/drivers/DC_Table.php
@@@@ -557,10 +557,11 @@@@ class DC_Table extends DataContainer imp
 $label = $i;
 }
+ // Always encode special characters (thanks to Oliver Klee)
 $return .= '