TPS
/
ORIENT
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Escape output to prevent XSS injection (#4074) 

Credit to @nathan-van-der-werf
This commit is contained in:
Nathan van der Werf 2019-01-18 17:26:56 +01:00 committed by Luke Towers
parent a4f4a71fc3
commit 7232e7a29d
2 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
modules/backend/controllers/auth/reset.htm
View File

@ -2,8 +2,8 @@
<?= Form::open() ?> <?= Form::open() ?>
<input type="hidden" name="postback" value="1" /> <input type="hidden" name="postback" value="1" />
<input type="hidden" name="id" value="<?= $id ?>" /> <input type="hidden" name="id" value="<?= e($id) ?>" />
<input type="hidden" name="code" value="<?= $code ?>" /> <input type="hidden" name="code" value="<?= e($code) ?>" />
<div class="form-elements" role="form"> <div class="form-elements" role="form">
<div class="form-group text-field horizontal-form october"> <div class="form-group text-field horizontal-form october">

2
modules/cms/widgets/componentlist/partials/_items.htm
View File

@ -4,7 +4,7 @@
<li class="group" data-status="<?= $this->getCollapseStatus($item->pluginClass, false) ? 'expanded' : 'collapsed' ?>" data-group-id="<?= e($item->pluginClass) ?>"> <li class="group" data-status="<?= $this->getCollapseStatus($item->pluginClass, false) ? 'expanded' : 'collapsed' ?>" data-group-id="<?= e($item->pluginClass) ?>">
<div class="group"> <div class="group">
<h4><a href="#"><?= e(trans($item->title)) ?></a></h4> <h4><a href="#"><?= e(trans($item->title)) ?></a></h4>
<i class="<?= $item->icon ?>"></i> <i class="<?= e($item->icon) ?>"></i>
<span class="description"><?= e(trans($item->description)) ?></span> <span class="description"><?= e(trans($item->description)) ?></span>
</div> </div>
<?= $this->makePartial('component_list', ['components'=>$item->items]) ?> <?= $this->makePartial('component_list', ['components'=>$item->items]) ?>