BUGFIX Fixed XSS vulnerability in BlogTree when filtering by tags

This commit is contained in:
Ingo Schommer 2010-10-03 20:02:43 +00:00
parent 92c09ee62f
commit 3593f03f7e

View File

@ -298,7 +298,7 @@ class BlogTree_Controller extends Page_Controller {
* @return String
*/
function SelectedTag() {
return ($this->request->latestParam('Action') == 'tag') ? $this->request->latestParam('ID') : '';
return ($this->request->latestParam('Action') == 'tag') ? Convert::raw2xml($this->request->latestParam('ID')) : '';
}
/**