Properly escape user-defined values to avoid XSS.
Also fixes links to modify/delete alert when alert name include quotes.
Also limited alert name to 30 chars, as it is defined in the DB.
Description
Description
Details
Details
- Committed
Jerome Caffaro <jerome.caffaro@cern.ch> Sep 26 2008, 08:56 - Parents
- R3600:97ec34236d0f: Properly escape parameters of SQL statements.
- Branches
- Unknown
- Tags