diff options
| author | Harald Eilertsen <haraldei@anduin.net> | 2022-03-12 17:04:58 +0100 |
|---|---|---|
| committer | Harald Eilertsen <haraldei@anduin.net> | 2022-03-12 17:04:58 +0100 |
| commit | 6846268aac8ef9563b2b7a52f41fe642ff94854d (patch) | |
| tree | 2d7a0d0998ac6e295ec0fdad3b4200f0456b3c7c | |
| parent | 3d12c83c394d32e61c50f24917f65329e99f5619 (diff) | |
| download | gigologadmin-6846268aac8ef9563b2b7a52f41fe642ff94854d.tar.gz gigologadmin-6846268aac8ef9563b2b7a52f41fe642ff94854d.tar.bz2 gigologadmin-6846268aac8ef9563b2b7a52f41fe642ff94854d.zip | |
Security: Escape band and venue name in concerts table.
| -rw-r--r-- | includes/admin/views/_concerts_table.php | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/includes/admin/views/_concerts_table.php b/includes/admin/views/_concerts_table.php index 484adca..885f0c0 100644 --- a/includes/admin/views/_concerts_table.php +++ b/includes/admin/views/_concerts_table.php @@ -298,8 +298,8 @@ if (!class_exists("GiglogAdmin_ConcertsTable")) $content .= "<td>" . date( 'd.M.Y', strtotime( $concert->cdate() ) ) . "</td>" - . "<td>{$concert->cname()}</td>" - . "<td>{$concert->venue()->name()}</td>"; + . "<td>" . esc_html($concert->cname()) . "</td>" + . "<td>" . esc_html($concert->venue()->name()) . "</td>"; if( is_admin() ) { $content .= '<td class="publishstatus">' . $this->mark_new_concert($concert) . '</td>'; |