diff options
| author | Bernhard Posselt <nukeawhale@gmail.com> | 2012-09-06 03:48:10 +0200 |
|---|---|---|
| committer | Bernhard Posselt <nukeawhale@gmail.com> | 2012-09-06 03:48:18 +0200 |
| commit | f702e689c13f0d7b3d23b773ab95cea13e3f3c18 (patch) | |
| tree | a2dc80eb16a22ed080612e15d77c36036b2620a2 /templates/part.items.php | |
| parent | 24d4d4b6bd3bb821b85bac3d74ea4d1deec59ad8 (diff) | |
removed xss vulnerabilities in template code
Diffstat (limited to 'templates/part.items.php')
| -rw-r--r-- | templates/part.items.php | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/templates/part.items.php b/templates/part.items.php index 185fc099b..6d6369ab7 100644 --- a/templates/part.items.php +++ b/templates/part.items.php @@ -49,10 +49,10 @@ foreach($items as $item) { echo '</ul>'; echo '</div>'; - echo '<h1 class="item_title"><a target="_blank" href="' . $item->getUrl() . '">' . $item->getTitle() . '</a></h1>'; + echo '<h1 class="item_title"><a target="_blank" href="' . $item->getUrl() . '">' . htmlspecialchars($item->getTitle(), ENT_QUOTES, 'UTF-8') . '</a></h1>'; if(($item->getAuthor() !== null) && (trim($item->getAuthor()) != '')){ - echo '<h2 class="item_author">'. $l->t('by') . ' ' . $item->getAuthor() . '</h2>'; + echo '<h2 class="item_author">'. $l->t('by') . ' ' . htmlspecialchars($item->getAuthor(), ENT_QUOTES, 'UTF-8') . '</h2>'; } echo '<div class="body">' . $item->getBody() . '</div>'; |