From: Thomas Jarosch <thomas.jarosch@intra2net.com>
Date: Thu, 15 Jul 2010 09:43:07 +0000 (+0200)
Subject: Also filter single quotes and / in html_entities() to prevent XSS attack in normal... 
X-Git-Tag: v2.6~105
X-Git-Url: http://developer.intra2net.com/git/?a=commitdiff_plain;h=980577e1f053fce81c1e5b03274378894149f181;p=libi2ncommon

Also filter single quotes and / in html_entities() to prevent XSS attack in normal text
---

diff --git a/src/stringfunc.cpp b/src/stringfunc.cpp
index 1fe636a..16cd6bd 100644
--- a/src/stringfunc.cpp
+++ b/src/stringfunc.cpp
@@ -781,9 +781,11 @@ string html_entities(std::string str)
 {
    // Normal chars
    replace_all (str, "&", "&amp;");
-   replace_all (str, "\"", "&quot;");
    replace_all (str, "<", "&lt;");
    replace_all (str, ">", "&gt;");
+   replace_all (str, "\"", "&quot;");
+   replace_all (str, "'", "&#x27;");
+   replace_all (str, "/", "&#x2F;");
 
    // Umlauts
    replace_all (str, "\xC3\xA4", "&auml;");