tonyair
/
silverstripe-blog
mirror of https://github.com/silverstripe/silverstripe-blog
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

SECURITY: avoid XSS vulnerability within the Tags field in BlogEntry

This commit is contained in:
carlos barberis 2013-02-07 13:31:08 +13:00
parent ff439a5ac0
commit c2a6ba5b69
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
code/BlogEntry.php
View File

@ -100,7 +100,7 @@ class BlogEntry extends Page {
$link = $this->getParent() ? $this->getParent()->Link('tag') : '';
foreach($tags as $tag) {
$output->push(new ArrayData(array(
'Tag' => $tag,
'Tag' => Convert::raw2xml($tag),
'Link' => $link . '/' . urlencode($tag),
'URLTag' => urlencode($tag)
)));