Merge pull request #8 from samdark/xss-fixes

Fixed potential security issues
2014-12-20 00:50:23 +05:00 · 2014-12-20 00:50:23 +05:00 · b82a7b6ceb
commit b82a7b6ceb
parent 672c266f08 cbf9b3a277
4 changed files with 7 additions and 7 deletions
--- a/src/www/themes/oldpiratebay/views/layouts/head.php
+++ b/src/www/themes/oldpiratebay/views/layouts/head.php
@ -2,7 +2,7 @@
 <html lang="en">
 <head>
    <meta charset="utf-8">
-    <title><?= $this->pageTitle; ?></title>
+    <title><?= CHtml::encode($this->pageTitle); ?></title>
    <meta name="description" content="Download music, movies, games, software and much more. The Pirate Bay is the world's largest bittorrent tracker.">
    <meta name="keywords" content="mp3, avi, bittorrent, piratebay, pirate bay, proxy, torrent, torrents, movies, music, games, applications, apps, download, upload, share, kopimi, magnets, magnet">
    <!--[if lt IE 9]>
--- a/src/www/themes/oldpiratebay/views/main/categories.php
+++ b/src/www/themes/oldpiratebay/views/main/categories.php
@ -1,10 +1,10 @@
 <div class="browse-cats short-query">
    <?php foreach ($tags as $tag) {
-        $tagLower = mb_strtolower($tag);
+        $tagLower = mb_strtolower($tag, Yii::app()->charset);
        $tagId = array_search($tag, LCategory::$categoriesTags);
    ?>
    <div class="bg-white mb p">
-        <h3 class="mt0"><a href="<?= $this->createUrl('main/search', array('iht' => $tagId, 'age' => 0)); ?>"><?= $tag; ?> Torrents</a></h3>
+        <h3 class="mt0"><a href="<?= $this->createUrl('main/search', array('iht' => $tagId, 'age' => 0)); ?>"><?= CHtml::encode($tag); ?> Torrents</a></h3>
        <small>
            <a href="<?= $this->createUrl('main/search', array('iht' => $tagId, 'ihs' => 1, 'age' => 1)); ?>">For last day only</a>
        </small>
--- a/src/www/themes/oldpiratebay/views/main/index.php
+++ b/src/www/themes/oldpiratebay/views/main/index.php
@ -18,7 +18,7 @@
                $tags = LCategory::$categoriesTags;
                foreach($tags as $tagId => $tag) { ?>
-                    <label title="<?=$tag;?>"><input name="iht" type="checkbox" value="<?=$tagId;?>"><?= $tag; ?></label>
+                    <label title="<?= CHtml::encode($tag);?>"><input name="iht" type="checkbox" value="<?=$tagId;?>"><?= CHtml::encode($tag); ?></label>
                <?php
                }
                ?>
--- a/src/www/themes/oldpiratebay/views/main/view.php
+++ b/src/www/themes/oldpiratebay/views/main/view.php
@ -1,12 +1,12 @@
 <div id="detailsouterframe">
    <div id="detailsframe">
-        <div id="title"><a href="<?= $torrent->getUrl(); ?>" class="link-textcolor vm"><?= $torrent->name; ?> torrent</a></div>
+        <div id="title"><a href="<?= $torrent->getUrl(); ?>" class="link-textcolor vm"><?= CHtml::encode($torrent->name); ?> torrent</a></div>
        <div id="details">
            <dl class="col1">
                <dt>Type:</dt>
-                <dd><a href="<?= $this->createUrl('main/search', array('iht' => $torrent->getCategoryTagId(), 'age' => 0)); ?>"><?= ucfirst($torrent->getCategoryTag()); ?></a></dd>
+                <dd><a href="<?= $this->createUrl('main/search', array('iht' => $torrent->getCategoryTagId(), 'age' => 0)); ?>"><?= CHtml::encode(ucfirst($torrent->getCategoryTag())); ?></a></dd>
                <dt>Files:</dt>
                <dd><?= $torrent->files_count ?: "N/A" ; ?></dd>
@ -21,7 +21,7 @@
                <dd><?= number_format($torrent->leechers, 0, '.', ' '); ?></dd>
                <br>
-                <dt>Info Hash:</dt><dd><?= $torrent->hash; ?></dd>
+                <dt>Info Hash:</dt><dd><?= CHtml::encode($torrent->hash); ?></dd>
            </dl>
            <br><br>