From 3593f03f7e793ba42cea45af046a5bf4143dcfde Mon Sep 17 00:00:00 2001
From: Ingo Schommer
Date: Sun, 3 Oct 2010 20:02:43 +0000
Subject: [PATCH] BUGFIX Fixed XSS vulnerability in BlogTree when filtering by tags

---
 code/BlogTree.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/code/BlogTree.php b/code/BlogTree.php
index b6d4533..01ad118 100644
--- a/code/BlogTree.php
+++ b/code/BlogTree.php
@@ -298,7 +298,7 @@ class BlogTree_Controller extends Page_Controller {
  * @return String
  */
 function SelectedTag() {
- return ($this->request->latestParam('Action') == 'tag') ? $this->request->latestParam('ID') : '';
+ return ($this->request->latestParam('Action') == 'tag') ? Convert::raw2xml($this->request->latestParam('ID')) : '';
 }
 
 /**
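Review bot: The docblock above `SelectedTag()` still says only `@return String`, although the method now returns the `ID` URL parameter already XML-escaped by `Convert::raw2xml()`. I would change it to `@return String XML-escaped tag taken from the 'ID' URL parameter; safe for HTML text output only`, so that nobody escapes it a second time or assumes it is the raw tag. Because the encoding happens in the accessor rather than at output, any caller that compares this value with stored tag names or reuses it in a link or query would now see entities such as `&amp;`. The hunk shows no callers, so that is worth checking, along with any other place in this controller that outputs `latestParam('ID')` directly. The docblock begins outside the hunk.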