aboutsummaryrefslogtreecommitdiffstats
path: root/mod/dreport.php
diff options
context:
space:
mode:
authorredmatrix <redmatrix@redmatrix.me>2015-09-22 04:08:03 -0700
committerredmatrix <redmatrix@redmatrix.me>2015-09-22 04:08:03 -0700
commit4b13f0e025b08263d7231845bc76034d9adc7847 (patch)
treeece0274497ae0f3bc427cfa6e8f10752dd9934dc /mod/dreport.php
parent2869ccfe39cbda4974a82c303eeeb4e38966b126 (diff)
downloadvolse-hubzilla-4b13f0e025b08263d7231845bc76034d9adc7847.tar.gz
volse-hubzilla-4b13f0e025b08263d7231845bc76034d9adc7847.tar.bz2
volse-hubzilla-4b13f0e025b08263d7231845bc76034d9adc7847.zip
since this is now usable, protect the displayed delivery reports from XSS injection
Diffstat (limited to 'mod/dreport.php')
-rw-r--r--mod/dreport.php2
1 files changed, 1 insertions, 1 deletions
diff --git a/mod/dreport.php b/mod/dreport.php
index 3c74a9e33..a20e17372 100644
--- a/mod/dreport.php
+++ b/mod/dreport.php
@@ -32,7 +32,7 @@ function dreport_content(&$a) {
foreach($r as $rr) {
$name = escape_tags(substr($rr['dreport_recip'],strpos($rr['dreport_recip'],' ')));
- $o .= '<tr><td>' . $name . '</td><td>' . $rr['dreport_result'] . '</td><td>' . $rr['dreport_time'] . '</td></tr>';
+ $o .= '<tr><td>' . $name . '</td><td>' . escape_tags($rr['dreport_result']) . '</td><td>' . escape_tags($rr['dreport_time']) . '</td></tr>';
}
$o .= '</table>';