- fixing escaping of script tag in referers (xss)

author: matt <matt@59fd770c-687e-43c8-a1e3-f5a4ff64c105> 2008-11-17 16:08:36 +0300
committer: matt <matt@59fd770c-687e-43c8-a1e3-f5a4ff64c105> 2008-11-17 16:08:36 +0300
commit: b7a86b53328437212439e18a8acdd6f8e099fa49 (patch)
tree: 8ea1f41bd7da5f4773b455f17b417d1352619d9f /core/ViewDataTable.php
parent: 890e7d9d15b89eed8ddc4bb0019fedd5c6250e4f (diff)
1 files changed, 12 insertions, 0 deletions
diff --git a/core/ViewDataTable.php b/core/ViewDataTable.php
index 7f95c4b544..0123d03644 100644
--- a/core/ViewDataTable.php
+++ b/core/ViewDataTable.php
@@ -287,6 +287,7 @@ abstract class Piwik_ViewDataTable
 		$this->showFooter = Piwik_Common::getRequestVar('showDataTableFooter', true);
 		$this->variablesDefault['filter_excludelowpop_default'] = 'false';
 		$this->variablesDefault['filter_excludelowpop_value_default'] = 'false';	
+		$this->setSafeDecodeLabel();
 	}
 	
 	/**
@@ -366,6 +367,7 @@ abstract class Piwik_ViewDataTable
 			'filter_exact_column',
 			'disable_generic_filters',
 			'disable_queued_filters',
+			'filter_safe_decode_label'
 		);
 		foreach($toSetEventually as $varToSet)
 		{
@@ -765,6 +767,16 @@ abstract class Piwik_ViewDataTable
 	}
 	
 	/**
+	 * The 'label' column in the datatable will be safely url decoded. 
+	 *
+	 * @return void
+	 */
+	public function setSafeDecodeLabel()
+	{
+		$this->variablesDefault['filter_safe_decode_label'] = '1';
+	}
+	
+	/**
 	 * Sets a custom parameter, that will be printed in the javascript array associated with each datatable
 	 *
 	 * @param string parameter name
author	matt <matt@59fd770c-687e-43c8-a1e3-f5a4ff64c105>	2008-11-17 16:08:36 +0300
committer	matt <matt@59fd770c-687e-43c8-a1e3-f5a4ff64c105>	2008-11-17 16:08:36 +0300
commit	b7a86b53328437212439e18a8acdd6f8e099fa49 (patch)
tree	8ea1f41bd7da5f4773b455f17b417d1352619d9f /core/ViewDataTable.php
parent	890e7d9d15b89eed8ddc4bb0019fedd5c6250e4f (diff)