diff options
| author | redmatrix <redmatrix@redmatrix.me> | 2015-09-22 04:08:03 -0700 |
|---|---|---|
| committer | redmatrix <redmatrix@redmatrix.me> | 2015-09-22 04:08:03 -0700 |
| commit | 4b13f0e025b08263d7231845bc76034d9adc7847 (patch) | |
| tree | ece0274497ae0f3bc427cfa6e8f10752dd9934dc /mod | |
| parent | 2869ccfe39cbda4974a82c303eeeb4e38966b126 (diff) | |
| download | volse-hubzilla-4b13f0e025b08263d7231845bc76034d9adc7847.tar.gz volse-hubzilla-4b13f0e025b08263d7231845bc76034d9adc7847.tar.bz2 volse-hubzilla-4b13f0e025b08263d7231845bc76034d9adc7847.zip | |
since this is now usable, protect the displayed delivery reports from XSS injection
Diffstat (limited to 'mod')
| -rw-r--r-- | mod/dreport.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/mod/dreport.php b/mod/dreport.php index 3c74a9e33..a20e17372 100644 --- a/mod/dreport.php +++ b/mod/dreport.php @@ -32,7 +32,7 @@ function dreport_content(&$a) { foreach($r as $rr) { $name = escape_tags(substr($rr['dreport_recip'],strpos($rr['dreport_recip'],' '))); - $o .= '<tr><td>' . $name . '</td><td>' . $rr['dreport_result'] . '</td><td>' . $rr['dreport_time'] . '</td></tr>'; + $o .= '<tr><td>' . $name . '</td><td>' . escape_tags($rr['dreport_result']) . '</td><td>' . escape_tags($rr['dreport_time']) . '</td></tr>'; } $o .= '</table>'; |