tonyair/silverstripe-framework
1
0
Fork 0
mirror of https://github.com/silverstripe/silverstripe-framework synced 2024-06-28 23:49:26 +02:00
Code Issues Projects Releases Wiki Activity

BUGFIX: Removed XSS holes (from r94823)

Browse Source 
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@96773 467b73ca-7a2a-4603-9d3b-597d59a354a9
This commit is contained in:
Sam Minnee 2010-01-12 23:43:47 +00:00
parent d2d32dafa5
commit 25a437e5a0
2 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
forms/ComplexTableField.php
View File

@ -832,7 +832,7 @@ class ComplexTableField_ItemRequest extends RequestHandler {
$message = sprintf(
_t('ComplexTableField.SUCCESSEDIT', 'Saved %s %s %s'),
$dataObject->singular_name(),
'<a href="' . $this->Link() . '">"' . $dataObject->Title . '"</a>',
'<a href="' . $this->Link() . '">"' . htmlspecialchars($dataObject->Title, ENT_QUOTES) . '"</a>',
$closeLink
);

4
security/Group.php
View File

@ -328,8 +328,8 @@ class Group extends DataObject {
}
public function TreeTitle() {
if($this->hasMethod('alternateTreeTitle')) return $this->alternateTreeTitle();
else return $this->Title;
if($this->hasMethod('alternateTreeTitle')) return $this->alternateTreeTitle();
else return htmlspecialchars($this->Title, ENT_QUOTES);
}
/**