BUGFIX: Removed XSS holes (from r94822) (from r96822)

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/cms/trunk@102682 467b73ca-7a2a-4603-9d3b-597d59a354a9
This commit is contained in:
Ingo Schommer 2010-04-13 03:59:09 +00:00
parent feeb1e40fa
commit 186e43e60b

View File

@ -349,7 +349,7 @@ class MemberTableField extends ComplexTableField {
$message = sprintf(
_t('ComplexTableField.SUCCESSADD', 'Added %s %s %s'),
$childData->singular_name(),
'<a href="' . $this->Link() . '">' . $childData->Title . '</a>',
'<a href="' . $this->Link() . '">' . htmlspecialchars($childData->Title, ENT_QUOTES) . '</a>',
$closeLink
);
$form->sessionMessage($message, 'good');