tonyair/silverstripe-reports
1
0
Fork 0
mirror of https://github.com/silverstripe/silverstripe-reports synced 2024-09-30 05:09:11 +02:00
Code Issues Projects Releases Wiki Activity

BUGFIX: Removed XSS holes (from r94822)

Browse Source 
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/cms/branches/2.4@96822 467b73ca-7a2a-4603-9d3b-597d59a354a9
This commit is contained in:
Sam Minnee 2010-01-13 00:09:17 +00:00
parent ee2490fe68
commit c124dd23fa
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
code/MemberTableField.php
View File

@ -285,6 +285,7 @@ class MemberTableField extends ComplexTableField {
function saveComplexTableField($data, $form, $params) { function saveComplexTableField($data, $form, $params) {
$className = $this->sourceClass(); $className = $this->sourceClass();
$childData = new $className(); $childData = new $className();
$form->saveInto($childData); $form->saveInto($childData);
$childData->write(); $childData->write();
@ -297,7 +298,7 @@ class MemberTableField extends ComplexTableField {
$message = sprintf( $message = sprintf(
_t('ComplexTableField.SUCCESSADD', 'Added %s %s %s'), _t('ComplexTableField.SUCCESSADD', 'Added %s %s %s'),
$childData->singular_name(), $childData->singular_name(),
'<a href="' . $this->Link() . '">' . $childData->Title . '</a>', '<a href="' . $this->Link() . '">' . htmlspecialchars($childData->Title, ENT_QUOTES) . '</a>',
$closeLink $closeLink
); );
$form->sessionMessage($message, 'good'); $form->sessionMessage($message, 'good');