Special chars need to be escaped in event title

  • Lemke
  • Topic Author
  • New Member
3 years 9 months ago #17076 by Lemke
I am currently evaluating whether iCagenda is suitable for my purposes. In the course of this, I discovered that event titles containing double quotes lead to errors. Example:
The event title is
Industrielle Praxis "Cloud Operations Workshop mit Bosch" (Workshop für Studierende)

This leads to the following generated HTML:
<div class="event ic-event ic-clearfix">
       <a href="/joomla/index.php/veranstaltungen-2/1-industrielle-praxis-cloud-operations-workshop-mit-bosch-workshop-fuer-studierende?date=2020-11-02-17-30" title="Industrielle Praxis " cloud="" operations="" workshop="" mit="" bosch"="" (workshop="" für="" studierende)"="">

I suppose the event title needs to be escaped using PHP htmlspecialchars. This might also be a security risk.


  • Lyr!C
  • Administrator
  • Lead Developer
3 years 9 months ago #17077 by Lyr!C
Hello,

Thank you for this report!

I don't see any security risk here, as it's only in a html layout rendering function.

But it's missing to escape...

Attached a version with the patch!

Best regards,
Cyril

Attached file:

File name: iCagenda_3...dev1.zip
File size: 1,775 KB

Latest version : iCagenda 3.9.2
We recommend every user to keep iCagenda updated.
Don't forget to have your Joomla!™ up-to-date!

Do you like iCagenda?
I would appreciate if you could take 5 minutes to post a review on JED (Joomla Extensions Directory).
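
The markup from the first post, reproduced and checked as an added example (not iCagenda's code and not the attached patch): the raw title ends the title attribute at its first double quote, while htmlspecialchars keeps the whole title as one attribute value. The function names and the URL are assumptions made for illustration.

```php
<?php
// Added example: hypothetical helper names, constructed URL.

// "Before": the title is interpolated raw into a double-quoted attribute.
function renderLinkRaw(string $url, string $title): string
{
    return '<a href="' . $url . '" title="' . $title . '">' . $title . '</a>';
}

// Escape a value for HTML text and quoted-attribute context.
function esc(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// "After": every dynamic value is escaped at the point of output.
function renderLinkEscaped(string $url, string $title): string
{
    return '<a href="' . esc($url) . '" title="' . esc($title) . '">' . esc($title) . '</a>';
}

// Parse the markup with PHP's DOM extension and return the <a> attributes.
function parsedAttributes(string $html): array
{
    $doc = new DOMDocument();
    libxml_use_internal_errors(true); // broken markup raises parser warnings
    $doc->loadHTML('<meta http-equiv="Content-Type" content="text/html; charset=utf-8">' . $html);
    libxml_clear_errors();
    $a = $doc->getElementsByTagName('a')->item(0);
    $attrs = [];
    foreach ($a === null ? [] : $a->attributes as $attr) {
        $attrs[$attr->name] = $attr->value;
    }
    return $attrs;
}

// Title from the report; the URL is a constructed placeholder.
$title = 'Industrielle Praxis "Cloud Operations Workshop mit Bosch" (Workshop für Studierende)';
$url   = '/events/1-example?date=2020-11-02-17-30';

$variants = ['raw' => renderLinkRaw($url, $title), 'escaped' => renderLinkEscaped($url, $title)];
foreach ($variants as $label => $html) {
    $attrs = parsedAttributes($html);
    // Pass only if the element has exactly href and title, and title round-trips.
    $ok = array_keys($attrs) === ['href', 'title'] && $attrs['title'] === $title;
    printf("%-8s title intact, no stray attributes: %s\n", $label, $ok ? 'yes' : 'NO');
}
```

The same round-trip check can be run over any template output that places user-editable text inside an attribute.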
