tonyair/silverstripe-framework
1
0
Fork 0
mirror of https://github.com/silverstripe/silverstripe-framework synced 2024-10-22 14:05:37 +02:00
Code Issues Projects Releases Wiki Activity

BUGFIX: Removed XSS holes (from r94823) (from r96773)

Browse Source 
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@102402 467b73ca-7a2a-4603-9d3b-597d59a354a9
This commit is contained in:
Ingo Schommer 2010-04-12 03:21:00 +00:00
parent ea51802fec
commit 89176afbc4
2 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
forms/ComplexTableField.php
View File

@ -832,7 +832,7 @@ class ComplexTableField_ItemRequest extends RequestHandler {
$message = sprintf( $message = sprintf(
_t('ComplexTableField.SUCCESSEDIT', 'Saved %s %s %s'), _t('ComplexTableField.SUCCESSEDIT', 'Saved %s %s %s'),
$dataObject->singular_name(), $dataObject->singular_name(),
'<a href="' . $this->Link() . '">"' . $dataObject->Title . '"</a>', '<a href="' . $this->Link() . '">"' . htmlspecialchars($dataObject->Title, ENT_QUOTES) . '"</a>',
$closeLink $closeLink
); );

2
security/Group.php
View File

@ -324,7 +324,7 @@ class Group extends DataObject {
public function getTreeTitle() { public function getTreeTitle() {
if($this->hasMethod('alternateTreeTitle')) return $this->alternateTreeTitle(); if($this->hasMethod('alternateTreeTitle')) return $this->alternateTreeTitle();
else return $this->Title; else return htmlspecialchars($this->Title, ENT_QUOTES);
} }
/** /**