--- lib/class.wsdl.php 2010-04-26 16:38:08.000000000 -0400 +++ lib.new/class.wsdl.php 2010-09-02 22:27:53.963411943 -0400 @@ -842,9 +842,9 @@ <body> <div class=content> <br><br> - <div class=title>'.$this->serviceName.'</div> + <div class=title>'.htmlentities($this->serviceName).'</div> <div class=nav> - <p>View the <a href="'.$PHP_SELF.'?wsdl">WSDL</a> for the service. + <p>View the <a href="'.htmlentities($PHP_SELF).'?wsdl">WSDL</a> for the service. Click on an operation name to view it's details.</p> <ul>'; foreach($this->getOperations() as $op => $data){ @@ -854,21 +854,21 @@ <a href='#' onclick='popout()'><font color='#ffffff'>Close</font></a><br><br>"; foreach($data as $donnie => $marie){ // loop through opdata if($donnie == 'input' || $donnie == 'output'){ // show input/output data - $b .= "<font color='white'>".ucfirst($donnie).':</font><br>'; + $b .= "<font color='white'>".htmlentities(ucfirst($donnie)).':</font><br>'; foreach($marie as $captain => $tenille){ // loop through data if($captain == 'parts'){ // loop thru parts - $b .= " $captain:<br>"; + $b .= " ".htmlentities($captain).":<br>"; //if(is_array($tenille)){ foreach($tenille as $joanie => $chachi){ - $b .= " $joanie: $chachi<br>"; + $b .= " ".htmlentities($joanie).": ".htmlentities($chachi)."<br>"; } //} } else { - $b .= " $captain: $tenille<br>"; + $b .= " ".htmlentities($captain).": ".htmlentities($tenille)."<br>"; } } } else { - $b .= "<font color='white'>".ucfirst($donnie).":</font> $marie<br>"; + $b .= "<font color='white'>".htmlentities(ucfirst($donnie)).":</font> ".htmlentities($marie)."<br>"; } } $b .= '</div>'; @@ -1935,4 +1935,4 @@ } } -?> \ No newline at end of file +?> --- lib/nusoap.php 2010-04-26 16:38:08.000000000 -0400 +++ lib.new/nusoap.php 2010-09-02 22:40:38.277661391 -0400 
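Review bot: The operation name `$op` introduced by this hunk's last context line, `foreach($this->getOperations() as $op => $data){`, is not escaped anywhere in the patch. The lines that use it (851–853, between this hunk and `@@ -854,21`) are left untouched and are not visible here, so this needs confirming against the full file. If they print `$op` into the page, and in particular into an attribute, it needs the same treatment as `serviceName`, with quotes escaped: `htmlspecialchars($op, ENT_QUOTES)`. The same gap follows the matching `@@ -5424,9` hunk in nusoap.php. The enclosing method starts and ends outside the hunk.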
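Review bot: Every `htmlentities()` call added here passes a single argument, so the escaping depends on the interpreter's default flags and charset. On PHP releases before 5.4 that means `ENT_COMPAT` with ISO-8859-1, which leaves `'` unescaped and turns multi-byte UTF-8 input into wrong entities. The values in this hunk land in element text, where that is sufficient, but the surrounding markup uses single-quoted attributes (`<font color='white'>`), so spell the flags out: `htmlspecialchars($chachi, ENT_QUOTES)` with the page's charset as the third argument. Separately, the commented-out `//if(is_array($tenille)){` suggests these values are not always strings, and `htmlentities()` on an array yields a warning and NULL on later PHP 5 releases and a TypeError on PHP 8, so a non-scalar `$chachi`, `$tenille` or `$marie` should be handled before escaping. The flags point also applies to `@@ -842,9` and to both nusoap.php hunks; the non-string point also applies to `@@ -5436,21`.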
@@ -5424,9 +5424,9 @@ <body> <div class=content> <br><br> - <div class=title>'.$this->serviceName.'</div> + <div class=title>'.htmlentities($this->serviceName).'</div> <div class=nav> - <p>View the <a href="'.$PHP_SELF.'?wsdl">WSDL</a> for the service. + <p>View the <a href="'.htmlentities($PHP_SELF).'?wsdl">WSDL</a> for the service. Click on an operation name to view it's details.</p> <ul>'; foreach($this->getOperations() as $op => $data){ @@ -5436,21 +5436,21 @@ <a href='#' onclick='popout()'><font color='#ffffff'>Close</font></a><br><br>"; foreach($data as $donnie => $marie){ // loop through opdata if($donnie == 'input' || $donnie == 'output'){ // show input/output data - $b .= "<font color='white'>".ucfirst($donnie).':</font><br>'; + $b .= "<font color='white'>".htmlentities(ucfirst($donnie)).':</font><br>'; foreach($marie as $captain => $tenille){ // loop through data if($captain == 'parts'){ // loop thru parts - $b .= " $captain:<br>"; + $b .= " ".htmlentities($captain).":<br>"; //if(is_array($tenille)){ foreach($tenille as $joanie => $chachi){ - $b .= " $joanie: $chachi<br>"; + $b .= " ".htmlentities($joanie).": ".htmlentities($chachi)."<br>"; } //} } else { - $b .= " $captain: $tenille<br>"; + $b .= " ".htmlentities($captain).": ".htmlentities($tenille)."<br>"; } } } else { - $b .= "<font color='white'>".ucfirst($donnie).":</font> $marie<br>"; + $b .= "<font color='white'>".htmlentities(ucfirst($donnie)).":</font> ".htmlentities($marie)."<br>"; } } $b .= '</div>';
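Review bot: These nusoap.php hunks repeat the class.wsdl.php change line for line, so the output escaping now has to be kept in sync by hand in two files. If nusoap.php is assembled from class.wsdl.php (not determinable from this patch), patch only the source file and regenerate the combined one. Otherwise a small private helper wrapping `htmlspecialchars($value, ENT_QUOTES)` would give both copies one escaping routine to call, so a newly added output site is less likely to be escaped in one file and missed in the other.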