From 186e43e60beab2d43cd609153f7346684800bc81 Mon Sep 17 00:00:00 2001
From: Ingo Schommer <ingo@silverstripe.com>
Date: Tue, 13 Apr 2010 03:59:09 +0000
Subject: [PATCH] BUGFIX: Removed XSS holes (from r94822) (from r96822)

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/cms/trunk@102682 467b73ca-7a2a-4603-9d3b-597d59a354a9
---
 code/MemberTableField.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/code/MemberTableField.php b/code/MemberTableField.php
index 279bc6c6..58e28cd3 100755
--- a/code/MemberTableField.php
+++ b/code/MemberTableField.php
@@ -349,7 +349,7 @@ class MemberTableField extends ComplexTableField {
 		$message = sprintf(
 			_t('ComplexTableField.SUCCESSADD', 'Added %s %s %s'),
 			$childData->singular_name(),
-			'<a href="' . $this->Link() . '">' . $childData->Title . '</a>',
+			'<a href="' . $this->Link() . '">' . htmlspecialchars($childData->Title, ENT_QUOTES) . '</a>',
 			$closeLink
 		);
 		$form->sessionMessage($message, 'good');