Merge pull request #135 from terokorp/hotfix/forum_xss_fix
Critical: xss vulnerability on forums, adding html encoding forum post title.
This commit is contained in:
commit
88f0a82032
@ -1,4 +1,4 @@
|
||||
<?php $this->provide('title', $this->forum_post->title) ?>
|
||||
<?php $this->provide('title', $this->h($this->forum_post->title)) ?>
|
||||
<?php if ($this->forum_post->is_locked) : ?>
|
||||
<div class="status-notice">
|
||||
<p><?= $this->t('.locked') ?></p>
|
||||
|
Reference in New Issue
Block a user