authorHarald Eilertsen <haraldei@anduin.net>2022-03-12 17:24:32 +0100
committerHarald Eilertsen <haraldei@anduin.net>2022-03-12 17:25:10 +0100
commitb4f6d9c766021c4b3285bdef97d29c25d5ed60fa (patch)
tree38badf5a5a82505da872d473ccd184c3a666e974
parent1f858a589c58f666689f75ad42a3547921b382d2 (diff)
Security: Escape event and link urls before using.
-rw-r--r--includes/admin/views/_concerts_table.php4
1 files changed, 2 insertions, 2 deletions
diff --git a/includes/admin/views/_concerts_table.php b/includes/admin/views/_concerts_table.php
index 26e5833..45d9196 100644
--- a/includes/admin/views/_concerts_table.php
+++ b/includes/admin/views/_concerts_table.php
@@ -322,8 +322,8 @@ if (!class_exists("GiglogAdmin_ConcertsTable"))
}
}
else {
- $content .= "<td><a target=\"_blank\" href=\"{$concert->eventlink()}\">Link</a></td>";
- $content .= "<td><a target=\"_blank\" href=\"{$concert->tickets()}\">Tickets</a></td>";
+ $content .= "<td><a target=\"_blank\" href=\"" . esc_url($concert->eventlink()) . "\">Link</a></td>";
+ $content .= "<td><a target=\"_blank\" href=\"" . esc_url($concert->tickets()) . "\">Tickets</a></td>";
}
$content .= '<td> <a href="'.get_admin_url().'admin-ajax.php?action=giglog_export_ical&evid='.$concert->id().'">iCal</td>';
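Review bot: The two rewritten anchors in the `else` branch still open stored, externally supplied URLs with `target="_blank"` and no `rel` attribute, so the opened page is not explicitly cut off from `window.opener` on older browsers; I would write `$content .= '<td><a target="_blank" rel="noopener noreferrer" href="' . esc_url($concert->eventlink()) . '">Link</a></td>';` and the same for `tickets()`. `esc_url()` returns an empty string when it rejects a scheme, so a bad value now renders as a clickable `href=""` pointing back at the admin page; consider emitting an empty `<td></td>` when the escaped URL is empty. The iCal line just below, unchanged by this commit, still concatenates `get_admin_url()` and `$concert->id()` into `href` without escaping and never closes its `<a>`; wrapping the assembled URL in `esc_url()` and adding `</a>` would make it consistent with this fix. The enclosing method starts outside the hunk, and the hunk header counts suggest a context line may be missing from this view, so these points are limited to the visible lines.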