author | Harald Eilertsen <haraldei@anduin.net> | 2022-03-12 17:24:32 +0100 |
---|---|---|
committer | Harald Eilertsen <haraldei@anduin.net> | 2022-03-12 17:25:10 +0100 |
commit | b4f6d9c766021c4b3285bdef97d29c25d5ed60fa (patch) | |
tree | 38badf5a5a82505da872d473ccd184c3a666e974 /includes/admin | |
parent | 1f858a589c58f666689f75ad42a3547921b382d2 (diff) | |
Security: Escape event and link urls before using.
Diffstat (limited to 'includes/admin')
-rw-r--r-- | includes/admin/views/_concerts_table.php | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/includes/admin/views/_concerts_table.php b/includes/admin/views/_concerts_table.php index 26e5833..45d9196 100644 --- a/includes/admin/views/_concerts_table.php +++ b/includes/admin/views/_concerts_table.php @@ -322,8 +322,8 @@ if (!class_exists("GiglogAdmin_ConcertsTable")) } } else { - $content .= "<td><a target=\"_blank\" href=\"{$concert->eventlink()}\">Link</a></td>"; - $content .= "<td><a target=\"_blank\" href=\"{$concert->tickets()}\">Tickets</a></td>"; + $content .= "<td><a target=\"_blank\" href=\"" . esc_url($concert->eventlink()) . "\">Link</a></td>"; + $content .= "<td><a target=\"_blank\" href=\"" . esc_url($concert->tickets()) . "\">Tickets</a></td>"; } $content .= '<td> <a href="'.get_admin_url().'admin-ajax.php?action=giglog_export_ical&evid='.$concert->id().'">iCal</td>'; |
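Review bot: `esc_url()` returns an empty string when it rejects a URL (for example one with a scheme outside the allowed list), so on both rewritten lines a rejected or missing value still renders a clickable "Link"/"Tickets" anchor with `href=""`, which resolves to the current admin page. Consider escaping into a variable first and emitting the anchor only when the result is non-empty, e.g. `$url = esc_url($concert->eventlink());` followed by `$content .= $url !== '' ? "<td><a target=\"_blank\" rel=\"noopener noreferrer\" href=\"{$url}\">Link</a></td>" : '<td></td>';`, and the same for `tickets()`. The added `rel="noopener noreferrer"` keeps the externally supplied page from obtaining a handle on the admin tab in browsers that do not already imply it for `target="_blank"`. The iCal cell on the context line below still builds its `href` by plain concatenation and never closes its `<a>`; `id()` is presumably numeric, but passing that URL through `esc_url()` as well would be consistent with this commit. The enclosing method starts and ends outside the hunk, so the `if` branch above could not be checked for the same unescaped pattern.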