BUGFIX: Removed XSS holes (from r94823) (from r96773)

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@102402 467b73ca-7a2a-4603-9d3b-597d59a354a9
2024-09-29 20:59:23 +02:00 · 2010-04-12 03:21:00 +00:00 · 2010-04-12 03:21:00 +00:00 · 89176afbc4
commit 89176afbc4
parent ea51802fec
2 changed files with 3 additions and 3 deletions
--- a/forms/ComplexTableField.php
+++ b/forms/ComplexTableField.php
@ -832,7 +832,7 @@ class ComplexTableField_ItemRequest extends RequestHandler {
 		$message = sprintf(
 			_t('ComplexTableField.SUCCESSEDIT', 'Saved %s %s %s'),
 			$dataObject->singular_name(),
-			'<a href="' . $this->Link() . '">"' . $dataObject->Title . '"</a>',
+			'<a href="' . $this->Link() . '">"' . htmlspecialchars($dataObject->Title, ENT_QUOTES) . '"</a>',
 			$closeLink
 		);
 		
--- a/security/Group.php
+++ b/security/Group.php
@ -323,8 +323,8 @@ class Group extends DataObject {
 	}
 	
 	public function getTreeTitle() {
-        if($this->hasMethod('alternateTreeTitle')) return $this->alternateTreeTitle();
-		else return $this->Title;
+	    if($this->hasMethod('alternateTreeTitle')) return $this->alternateTreeTitle();
+		else return htmlspecialchars($this->Title, ENT_QUOTES);
 	}
 	
 	/**