SECURITY: avoid XSS vulnerability within the Tags field in BlogEntry

carlos barberis 2013-02-07 13:31:08 +13:00
parent ff439a5ac0
commit c2a6ba5b69


@ -100,7 +100,7 @@ class BlogEntry extends Page {
$link = $this->getParent() ? $this->getParent()->Link('tag') : ''; $link = $this->getParent() ? $this->getParent()->Link('tag') : '';
foreach($tags as $tag) { foreach($tags as $tag) {
$output->push(new ArrayData(array( $output->push(new ArrayData(array(
'Tag' => $tag, 'Tag' => Convert::raw2xml($tag),
'Link' => $link . '/' . urlencode($tag), 'Link' => $link . '/' . urlencode($tag),
'URLTag' => urlencode($tag) 'URLTag' => urlencode($tag)
))); )));
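Review bot: The `'Tag'` entry is now escaped when the array is built (`Convert::raw2xml($tag)`), so whether a tag ends up escaped exactly once depends on how the template layer casts plain strings held in `ArrayData`, which is not visible here. If that default cast also escapes on output, tags containing `&` or `<` would render double-encoded, and any other consumer of this list that expects the raw tag now receives entity-encoded text. I would document the contract on that line, for example `// Tag is pre-escaped for HTML output; templates must not escape it again`, and confirm the tag templates print it without a second escape. The `'Link'` and `'URLTag'` entries still rely on `urlencode($tag)` alone, which looks adequate for an attribute value as long as `$link` itself contains no user-controlled text. The enclosing method starts and ends outside this hunk, so the origin of `$tags` cannot be checked from here.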