BUGFIX Fixed XSS vulnerability in BlogTree? when filtering by tags

This commit is contained in:
Saophalkun Ponlu 2010-10-03 21:40:01 +00:00
parent 965b81c0a3
commit a6734d3609

View File

@ -222,7 +222,7 @@ class BlogTree extends Page {
class BlogURL {
static function tag() {
if (Director::urlParam('Action') == 'tag') return Director::urlParam('ID');
if (Director::urlParam('Action') == 'tag') return Convert::raw2xml(Director::urlParam('ID'));
return '';
}