author | Bernhard Posselt <nukeawhale@gmail.com> | 2012-09-06 03:48:10 +0200 |
---|---|---|
committer | Bernhard Posselt <nukeawhale@gmail.com> | 2012-09-06 03:48:18 +0200 |
commit | f702e689c13f0d7b3d23b773ab95cea13e3f3c18 (patch) | |
tree | a2dc80eb16a22ed080612e15d77c36036b2620a2 /templates/part.listfolder.php | |
parent | 24d4d4b6bd3bb821b85bac3d74ea4d1deec59ad8 (diff) |
removed xss vulnerabilities in template code
Diffstat (limited to 'templates/part.listfolder.php')
-rw-r--r-- | templates/part.listfolder.php | 6 |
1 files changed, 1 insertions, 5 deletions
diff --git a/templates/part.listfolder.php b/templates/part.listfolder.php
index 2a1cb6aed..6e8ea6350 100644
--- a/templates/part.listfolder.php
+++ b/templates/part.listfolder.php
@@ -13,14 +13,10 @@ if(isset($_['mock'])){
 echo '<li class="folder open all_read" data-id="' . $folderId . '">';
 echo '<button class="collapsable_trigger" title="' . $l->t('Collapse') . '"></button>';
- echo '<a href="#" class="title">' . $folderName . '</a>';
+ echo '<a href="#" class="title">' . htmlspecialchars($folderName, ENT_QUOTES, 'UTF-8') . '</a>';
 echo '<span class="buttons">';
 echo '<button class="svg action feeds_delete" title="' . $l->t('Delete folder') . '"></button>';
 echo '<button class="svg action feeds_edit" title="' . $l->t('Rename folder') . '"></button>';
 echo '<button class="svg action feeds_markread" title="' . $l->t('Mark all read') . '"></button>';
 echo '</span>';
 echo '<ul data-id="' . $folderId . '">';
-
-if(isset($_['mock'])){
- echo '</ul>';
-}
\ No newline at end of file |
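Review bot: `$folderId` is still concatenated unescaped into both `data-id="..."` attributes (the `<li>` line and the `<ul>` line), so this hunk escapes only the folder name. Where `$folderId` is assigned lies outside the hunk; unless it is guaranteed to be a server-generated integer, it should get the same treatment, e.g. `data-id="' . htmlspecialchars($folderId, ENT_QUOTES, 'UTF-8') . '"`, or an `(int)` cast at assignment if it is always numeric. The `$l->t(...)` strings in the `title` attributes are also emitted raw, which matters if translation files can come from less trusted contributors. Separately, the removed `if(isset($_['mock'])){ echo '</ul>'; }` block changes markup rather than escaping, so it is worth confirming that the mock `<ul>` is closed elsewhere and noting the change in the commit message.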