author | Harald Eilertsen <haraldei@anduin.net> | 2022-03-12 17:04:58 +0100 |
---|---|---|
committer | Harald Eilertsen <haraldei@anduin.net> | 2022-03-12 17:04:58 +0100 |
commit | 6846268aac8ef9563b2b7a52f41fe642ff94854d (patch) | |
tree | 2d7a0d0998ac6e295ec0fdad3b4200f0456b3c7c /includes/admin/views | |
parent | 3d12c83c394d32e61c50f24917f65329e99f5619 (diff) | |
Security: Escape band and venue name in concerts table.
Diffstat (limited to 'includes/admin/views')
-rw-r--r-- | includes/admin/views/_concerts_table.php | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/includes/admin/views/_concerts_table.php b/includes/admin/views/_concerts_table.php
index 484adca..885f0c0 100644
--- a/includes/admin/views/_concerts_table.php
+++ b/includes/admin/views/_concerts_table.php
@@ -298,8 +298,8 @@ if (!class_exists("GiglogAdmin_ConcertsTable"))
 $content .= "<td>" . date( 'd.M.Y', strtotime( $concert->cdate() ) ) . "</td>"
- . "<td>{$concert->cname()}</td>"
- . "<td>{$concert->venue()->name()}</td>";
+ . "<td>" . esc_html($concert->cname()) . "</td>"
+ . "<td>" . esc_html($concert->venue()->name()) . "</td>";
 if( is_admin() ) {
 $content .= '<td class="publishstatus">' . $this->mark_new_concert($concert) . '</td>'; |
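Review bot: The `publishstatus` cell a few lines below the fix still concatenates the return value of `$this->mark_new_concert($concert)` into the row unescaped, so the row is only as safe as that helper. Its body is outside this hunk; if it returns markup built from concert fields, it has to escape them itself, because wrapping the call in `esc_html()` here would break any intentional HTML. I would record that contract at the call site with a comment such as `// mark_new_concert() returns markup; it must escape any concert data it embeds`. The enclosing method also starts and ends outside the hunk, so any other cells it builds from stored concert or venue fields deserve the same check, using `esc_attr()` rather than `esc_html()` where a value lands inside an attribute.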