Try to fix some XSS vulnerabilities, ref T51
authorAndreas Boehler <andreas@aboehler.at>
Wed, 15 Nov 2017 18:53:51 +0100
changeset 99 fba5a06844d8
parent 98 44f79c6fb95f
child 100 4aeddad04e3b
Try to fix some XSS vulnerabilities, ref T51
syntax/table.php
--- a/syntax/table.php	Wed Nov 15 14:56:52 2017 +0100
+++ b/syntax/table.php	Wed Nov 15 18:53:51 2017 +0100
@@ -216,19 +216,19 @@
         $R->table_open();
         $R->tablethead_open();
         $R->tableheader_open();
-        $R->doc .= $data['onlystart'] ? $this->getLang('at') : $this->getLang('from');
+        $R->doc .= $data['onlystart'] ? hsc($this->getLang('at')) : hsc($this->getLang('from'));
         $R->tableheader_close();
         if(!$data['onlystart'])
         {
             $R->tableheader_open();
-            $R->doc .= $this->getLang('to');
+            $R->doc .= hsc($this->getLang('to'));
             $R->tableheader_close();
         }
         $R->tableheader_open();
-        $R->doc .= $this->getLang('title');
+        $R->doc .= hsc($this->getLang('title'));
         $R->tableheader_close();
         $R->tableheader_open();
-        $R->doc .= $this->getLang('description');
+        $R->doc .= hsc($this->getLang('description'));
         $R->tableheader_close();
         $R->tablethead_close();
         foreach($events as $event)
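Review bot: The header cells still append to `$R->doc` by hand, so the escaping is tied to HTML output and has to be repeated at every call site; the renderer's own `cdata()` method does the escaping for whichever renderer is active. The first changed line could become `$R->cdata($this->getLang($data['onlystart'] ? 'at' : 'from'));`, which also removes the duplicated `hsc()` call across the two ternary branches, and the other three headers would follow as `$R->cdata($this->getLang('to'));` and so on. The same form would fit the event title and description cells in the second hunk. The enclosing render function starts and ends outside this hunk.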
@@ -262,10 +262,10 @@
                 $R->tablecell_close();
             }
             $R->tablecell_open();
-            $R->doc .= $event['title'];
+            $R->doc .= hsc($event['title']);
             $R->tablecell_close();
             $R->tablecell_open();
-            $R->doc .= $event['description'];
+            $R->doc .= hsc($event['description']);
             $R->tablecell_close();
             $R->tablerow_close();
         }
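Review bot: Only the title and description cells are escaped here, while the cell closed at the top of this hunk is filled on lines outside it, so it is not visible whether the values written there are encoded. If that cell takes any string from `$event` rather than a locally formatted date, it needs the same `hsc()` treatment. It would also help to state the rule once above the loop, for example `// $event fields are calendar data, not trusted markup: escape everything appended to $R->doc`, so later columns are not added unescaped. The loop body begins before this hunk.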