mirror of
https://github.com/silverstripe/silverstripe-cms
synced 2024-10-22 08:05:56 +02:00
BUGFIX: Removed XSS holes (from r94822)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/cms/branches/2.4@96822 467b73ca-7a2a-4603-9d3b-597d59a354a9
This commit is contained in:
parent
ee2490fe68
commit
c124dd23fa
@ -285,6 +285,7 @@ class MemberTableField extends ComplexTableField {
|
|||||||
function saveComplexTableField($data, $form, $params) {
|
function saveComplexTableField($data, $form, $params) {
|
||||||
$className = $this->sourceClass();
|
$className = $this->sourceClass();
|
||||||
$childData = new $className();
|
$childData = new $className();
|
||||||
|
|
||||||
$form->saveInto($childData);
|
$form->saveInto($childData);
|
||||||
$childData->write();
|
$childData->write();
|
||||||
|
|
||||||
@ -297,7 +298,7 @@ class MemberTableField extends ComplexTableField {
|
|||||||
$message = sprintf(
|
$message = sprintf(
|
||||||
_t('ComplexTableField.SUCCESSADD', 'Added %s %s %s'),
|
_t('ComplexTableField.SUCCESSADD', 'Added %s %s %s'),
|
||||||
$childData->singular_name(),
|
$childData->singular_name(),
|
||||||
'<a href="' . $this->Link() . '">' . $childData->Title . '</a>',
|
'<a href="' . $this->Link() . '">' . htmlspecialchars($childData->Title, ENT_QUOTES) . '</a>',
|
||||||
$closeLink
|
$closeLink
|
||||||
);
|
);
|
||||||
$form->sessionMessage($message, 'good');
|
$form->sessionMessage($message, 'good');
|
||||||
|
Loading…
Reference in New Issue
Block a user