From c124dd23fa210bb5421796595fbbc4ec5f6057bc Mon Sep 17 00:00:00 2001 From: Sam Minnee Date: Wed, 13 Jan 2010 00:09:17 +0000 Subject: [PATCH] BUGFIX: Removed XSS holes (from r94822) git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/cms/branches/2.4@96822 467b73ca-7a2a-4603-9d3b-597d59a354a9
---
 code/MemberTableField.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/code/MemberTableField.php b/code/MemberTableField.php
index 7a17292e..aaceb7db 100755
--- a/code/MemberTableField.php
+++ b/code/MemberTableField.php
@@ -285,6 +285,7 @@ class MemberTableField extends ComplexTableField {
 function saveComplexTableField($data, $form, $params) { $className = $this->sourceClass(); $childData = new $className(); + $form->saveInto($childData); $childData->write();
@@ -297,7 +298,7 @@ class MemberTableField extends ComplexTableField {
 $message = sprintf( _t('ComplexTableField.SUCCESSADD', 'Added %s %s %s'), $childData->singular_name(),
- '' . $childData->Title . '',
+ '' . htmlspecialchars($childData->Title, ENT_QUOTES) . '',
 $closeLink ); $form->sessionMessage($message, 'good');
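Review bot: In the second hunk only `$childData->Title` is escaped, while `$childData->singular_name()` and `$closeLink` are still interpolated raw into the same `sprintf()` result that goes to `$form->sessionMessage()`. `$closeLink` is built outside the hunk, so it is worth confirming that nothing record-derived reaches it unescaped. The `htmlspecialchars()` call also relies on PHP's default charset; passing it explicitly keeps the behaviour stable across PHP versions, presumably `htmlspecialchars($childData->Title, ENT_QUOTES, 'UTF-8')`, or use the framework's own `Convert::raw2xml($childData->Title)` for consistency. A short comment such as `// message is rendered as HTML; escape record-derived values` above the `sprintf()` would record why the escaping is there. The body of `saveComplexTableField()` continues past the end of the hunk.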