[FIX] XSS using htmlentities()

Michele Romano 2020-08-17 16:33:55 +02:00 committed by GitHub
parent 668c3a0335
commit f3b2ba0981
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23


@ -31,7 +31,7 @@
echo Bootstrap::formInputText(array( echo Bootstrap::formInputText(array(
'name'=>'name', 'name'=>'name',
'label'=>$L->g('Name'), 'label'=>$L->g('Name'),
'value'=>$categoryMap['name'], 'value'=>htmlentities($categoryMap['name'], ENT_QUOTES, 'UTF-8'),
'class'=>'', 'class'=>'',
'placeholder'=>'', 'placeholder'=>'',
'tip'=>'' 'tip'=>''
@ -50,7 +50,7 @@
echo Bootstrap::formInputText(array( echo Bootstrap::formInputText(array(
'name'=>'template', 'name'=>'template',
'label'=>$L->g('Template'), 'label'=>$L->g('Template'),
'value'=>isset($categoryMap['template'])?$categoryMap['template']:'', 'value'=>isset($categoryMap['template'])?htmlentities($categoryMap['template'], ENT_QUOTES, 'UTF-8'):'',
'class'=>'', 'class'=>'',
'placeholder'=>'', 'placeholder'=>'',
'tip'=>'' 'tip'=>''
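Review bot: The encoding is added per call site (the `name` value in the first hunk and the `template` value in the second) rather than where `Bootstrap::formInputText` writes the `value` attribute, so any other `$categoryMap` field rendered by this form, or by other forms using the helper, is not covered by this change; those call sites are outside the visible hunks and should be checked. If the helper cannot be changed, each call deserves a short comment such as `// HTML-encode here: formInputText() is assumed to emit 'value' verbatim into the attribute`, so that a later change which escapes inside the helper does not double-encode. It is also worth confirming that category values are not already entity-encoded when saved, because `htmlentities()` with its default `double_encode` behaviour would then display literal entities in the field. Both array literals continue past the end of their hunks.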