Commit bf5eae1f9de5f8276fb1acfb1fb9c89d3b0db738
1 parent
b8820359
KTS-2178
"cross site scripting" Implemented. Reviewed By: Kevin Fourie git-svn-id: https://kt-dms.svn.sourceforge.net/svnroot/kt-dms/trunk@6992 c91229c3-7414-0410-bfa2-8a42b809f60b
Showing
1 changed file
with
1 additions
and
1 deletions
templates/ktcore/search/administration/savedsearches.smarty
| @@ -31,7 +31,7 @@ newsletters, etc.) based on a category or fieldset value.{/i18n}</p> | @@ -31,7 +31,7 @@ newsletters, etc.) based on a category or fieldset value.{/i18n}</p> | ||
| 31 | <tbody> | 31 | <tbody> |
| 32 | {foreach item=oSearch from=$saved_searches} | 32 | {foreach item=oSearch from=$saved_searches} |
| 33 | <tr> | 33 | <tr> |
| 34 | - <td>{$oSearch->getName()}</td> | 34 | + <td>{$oSearch->getName()|sanitize}</td> |
| 35 | {capture assign=iUserId}{$oSearch->getUserId()}{/capture} | 35 | {capture assign=iUserId}{$oSearch->getUserId()}{/capture} |
| 36 | <td>{if ($iUserId === '')}Global{else}{$context->_getUserName($iUserId)}{/if}</td> | 36 | <td>{if ($iUserId === '')}Global{else}{$context->_getUserName($iUserId)}{/if}</td> |
| 37 | <td><a href="{addQS}action=edit&fSavedSearchId={$oSearch->getId()}{/addQS}" class="ktAction ktEdit">{i18n}Edit{/i18n}</a></td> | 37 | <td><a href="{addQS}action=edit&fSavedSearchId={$oSearch->getId()}{/addQS}" class="ktAction ktEdit">{i18n}Edit{/i18n}</a></td> |