Merge pull request #135 from terokorp/hotfix/forum_xss_fix
Critical: xss vulnerability on forums, adding html encoding forum post title.
This commit is contained in:
commit
88f0a82032
@ -1,4 +1,4 @@
|
|||||||
<?php $this->provide('title', $this->forum_post->title) ?>
|
<?php $this->provide('title', $this->h($this->forum_post->title)) ?>
|
||||||
<?php if ($this->forum_post->is_locked) : ?>
|
<?php if ($this->forum_post->is_locked) : ?>
|
||||||
<div class="status-notice">
|
<div class="status-notice">
|
||||||
<p><?= $this->t('.locked') ?></p>
|
<p><?= $this->t('.locked') ?></p>
|
||||||
|
Reference in New Issue
Block a user