tonyair/silverstripe-framework
1
0
Fork 0
mirror of https://github.com/silverstripe/silverstripe-framework synced 2024-09-29 12:49:06 +02:00
Code Issues Projects Releases Wiki Activity

[SS-2016-016] FIX Properly escape backURL for template injection

Browse Source
This commit is contained in:
Daniel Hensby 2016-10-27 16:03:25 +01:00
parent c914dde7d1
commit 17097a4d11
No known key found for this signature in database
GPG Key ID: B00D1E9767F0B06E
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
security/CMSSecurity.php
View File

@ -204,7 +204,7 @@ PHP
'<p>Login success. If you are not automatically redirected '.
'<a target="_top" href="{link}">click here</a></p>',
'Login message displayed in the cms popup once a user has re-authenticated themselves',
array('link' => $backURL)
array('link' => Convert::raw2att($backURL))
)
));