Mirrors/framadate
1
0
Fork 0
mirror of https://framagit.org/framasoft/framadate/framadate synced 2026-01-23 02:14:06 +00:00
Code Issues Projects Releases Wiki Activity

Fix an XSS in the result graph

Browse source 
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
This commit is contained in:
Thomas Citharel 2021-07-19 11:17:00 +02:00
parent e0028dc813
commit 02229c671b
No known key found for this signature in database
GPG key ID: A061B9DDE0CA0773
2 changed files with 5 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

4
app/inc/smarty.php
View file

@ -73,6 +73,10 @@ function smarty_modifier_addslashes_single_quote($string) {
return addcslashes($string, '\\\'');
}
function smarty_modifier_addslashes($string) {
return addslashes($string);
}
function smarty_modifier_html($html) {
return Utils::htmlEscape($html);
}

2
tpl/part/vote_table_classic.tpl
View file

@ -282,7 +282,7 @@
});
var cols = [
{foreach $slots as $id=>$slot}
$('<div/>').html('{$slot->title|markdown:true}').text(),
"{$slot->title|markdown:true|addslashes}",
{/foreach}
];