- Improving security by added -limit_to xxx to all im_opt_val calls

sql/oracle/intranet-forum-create.sql

@@ -560,8 +560,8 @@ begin
 				forum_view_name \
 			] \
 			-forum_type project \
-			-view_name [im_opt_val forum_view_name] \
-			-forum_order_by [im_opt_val forum_order_by] \
+			-view_name [im_opt_val -limit_to nohtml forum_view_name] \
+			-forum_order_by [im_opt_val -limit_to nohtml forum_order_by] \
 			-restrict_to_mine_p "f" \
 			-restrict_to_new_topics 1 
 		]'
@@ -604,8 +604,8 @@ begin
 				forum_view_name \
 			] \
 			-forum_type company \
-			-view_name [im_opt_val forum_view_name] \
-			-forum_order_by [im_opt_val forum_order_by] \
+			-view_name [im_opt_val -limit_to nohtml forum_view_name] \
+			-forum_order_by [im_opt_val -limit_to nohtml forum_order_by] \
 			-restrict_to_mine_p "f" \
 			-restrict_to_new_topics 1 \
 			-restrict_to_employees 1 \
@@ -646,8 +646,8 @@ begin
 				forum_view_name \
 			] \
 			-forum_type home \
-			-view_name [im_opt_val forum_view_name] \
-			-forum_order_by [im_opt_val forum_order_by] \
+			-view_name [im_opt_val -limit_to nohtml forum_view_name] \
+			-forum_order_by [im_opt_val -limit_to nohtml forum_order_by] \
 			-restrict_to_mine_p t \
 			-restrict_to_new_topics 1
 		]'
@@ -659,4 +659,4 @@ show errors
 commit;
 
 
-@../common/intranet-forum-common.sql
\ No newline at end of file
+@../common/intranet-forum-common.sql

www/index.tcl

@@ -176,8 +176,8 @@ set forum_content [im_forum_component \
 	-return_url		$return_url \
 	-start_idx		$forum_start_idx \
 	-export_var_list	$export_var_list \
-	-view_name 		[im_opt_val forum_view_name] \
-	-forum_order_by		[im_opt_val forum_order_by] \
+	-view_name 		[im_opt_val -limit_to alnum forum_view_name] \
+	-forum_order_by		[im_opt_val -limit_to alnum forum_order_by] \
 	-restrict_to_mine_p	$forum_mine_p \
 	-restrict_to_folder	$forum_folder \
 	-restrict_to_new_topics 0 \
@@ -210,4 +210,4 @@ set left_navbar_html "
 "
 
 
-ad_return_template
\ No newline at end of file
+ad_return_template