Merge pull request #151 from stojg/pull/prevent-xss-attacks
Security: XSS can be injected in the group edit view
commit
ccf125a4d6
@ -56,6 +56,9 @@ class GroupSubsites extends DataExtension implements PermissionProvider {
|
||||
$subsites = Subsite::accessible_sites(array('ADMIN', 'SECURITY_SUBSITE_GROUP'), true);
|
||||
$subsiteMap = $subsites->map();
|
||||
|
||||
// Prevent XSS injection
|
||||
$subsiteMap = Convert::raw2xml($subsiteMap);
|
||||
|
||||
// Interface is different if you have the rights to modify subsite group values on
|
||||
// all subsites
|
||||
if(isset($subsiteMap[0])) {
|
||||
|
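Review bot: The new `$subsiteMap = Convert::raw2xml($subsiteMap);` encodes whatever `$subsites->map()` returns, and nothing in the hunk shows that this is a plain array. If it is a map object, raw2xml may not walk its entries as intended, and the `isset($subsiteMap[0])` check below would then depend on what raw2xml handed back. Converting explicitly, e.g. `$subsiteMap = Convert::raw2xml($subsites->map()->toArray());`, would pin the type. Encoding at this point rather than at render time also means any field that escapes its own option labels would double-encode the values, so confirm how the fields built from `$subsiteMap` output them; that code is outside the hunk. The comment could name the data being protected, e.g. `// Subsite titles are presumably user-editable; HTML-encode them before use as option labels`.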