Peter M. Groen / knowledgetree

Commit e1969b1ed06414e0c9f0823d263881fd1cc37f4f

Authored by Conrad Vermeulen
1 parent dd693198

KTS-2178 

"cross site scripting"
Implemented.

Reviewed By: Kevin Fourie

git-svn-id: https://kt-dms.svn.sourceforge.net/svnroot/kt-dms/trunk@6984 c91229c3-7414-0410-bfa2-8a42b809f60b
Inline Side-by-side
Showing 1 changed file with 1 additions and 1 deletions
templates/kt3/browse.smarty
  View file @e1969b1
@@ -44,7 +44,7 @@ @@ -44,7 +44,7 @@
44 <input type="hidden" name="sListCode" value="{$code}" /> 44 <input type="hidden" name="sListCode" value="{$code}" />
45 <input type="hidden" name="action" value="bulkaction" /> 45 <input type="hidden" name="action" value="bulkaction" />
46 <input type="hidden" name="fReturnAction" value="{$returnaction}" /> 46 <input type="hidden" name="fReturnAction" value="{$returnaction}" />
47 - <input type="hidden" name="fReturnData" value="{$returndata}" /> 47 + <input type="hidden" name="fReturnData" value="{$returndata|sanitize}" />
48 48
49 {foreach from=$bulkactions item=bulkaction} 49 {foreach from=$bulkactions item=bulkaction}
50 <input type="submit" name="submit[{$bulkaction->getName()}]" value="{$bulkaction->getDisplayName()}" /> 50 <input type="submit" name="submit[{$bulkaction->getName()}]" value="{$bulkaction->getDisplayName()}" />