author | redmatrix <redmatrix@redmatrix.me> | 2015-09-22 04:08:03 -0700 |
---|---|---|
committer | redmatrix <redmatrix@redmatrix.me> | 2015-09-22 04:08:03 -0700 |
commit | 4b13f0e025b08263d7231845bc76034d9adc7847 (patch) | |
tree | ece0274497ae0f3bc427cfa6e8f10752dd9934dc /mod/dreport.php | |
parent | 2869ccfe39cbda4974a82c303eeeb4e38966b126 (diff) | |
since this is now usable, protect the displayed delivery reports from XSS injection
Diffstat (limited to 'mod/dreport.php')
-rw-r--r-- | mod/dreport.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/mod/dreport.php b/mod/dreport.php
index 3c74a9e33..a20e17372 100644
--- a/mod/dreport.php
+++ b/mod/dreport.php
@@ -32,7 +32,7 @@ function dreport_content(&$a) {
 foreach($r as $rr) {
 $name = escape_tags(substr($rr['dreport_recip'],strpos($rr['dreport_recip'],' ')));
- $o .= '<tr><td>' . $name . '</td><td>' . $rr['dreport_result'] . '</td><td>' . $rr['dreport_time'] . '</td></tr>';
+ $o .= '<tr><td>' . $name . '</td><td>' . escape_tags($rr['dreport_result']) . '</td><td>' . escape_tags($rr['dreport_time']) . '</td></tr>';
 }
 $o .= '</table>';
 |
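Review bot: The new `$o .=` line escapes each cell separately but carries no comment saying why, so a later edit that adds a column could reintroduce raw output. A comment above it such as `// dreport_* values are untrusted report data: escape every cell for HTML text context` would record the rule. `escape_tags()` is defined outside this hunk, so it is worth confirming that it encodes `&`, `<` and `>`, which is what element content needs. If one of these values is ever moved into an attribute, quote handling would matter as well. `dreport_content()` starts and ends outside the hunk, so any other output it builds from `$r` cannot be checked from here.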