Commit fd74f897fa7ac416d1db24500288a1501d8fbc43
1 parent
100a649c
KTS-2178
"cross site scripting" Updated. Reviewed By: Kevin Fourie git-svn-id: https://kt-dms.svn.sourceforge.net/svnroot/kt-dms/trunk@6935 c91229c3-7414-0410-bfa2-8a42b809f60b
Showing
1 changed file
with
5 additions
and
5 deletions
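--- a/templates/ktcore/bulk_action_complete.smarty
+++ b/templates/ktcore/bulk_action_complete.smarty
@@ -1,4 +1,4 @@
-<h2><img src="{if $config->get("ui/morphEnabled") == '1'}{$rootUrl}/skins/kts_{$config->get("ui/morphTo")}/title_bullet.png{else}{$rootUrl}/resources/graphics/title_bullet.png{/if}"/>{$context->getDisplayName()}</h2>
+<h2><img src="{if $config->get("ui/morphEnabled") == '1'}{$rootUrl}/skins/kts_{$config->get("ui/morphTo")}/title_bullet.png{else}{$rootUrl}/resources/graphics/title_bullet.png{/if}"/>{$context->getDisplayName()|sanitize}</h2>
 
 <p class="descriptiveText">{i18n}These are the results of the bulk action{/i18n}:</p>
 
@@ -17,8 +17,8 @@
 <tbody>
 {foreach from=$list.folders item=item}
 <tr class="{cycle values=even,odd}">
- <td>{$item.0}</td>
- <td>{$item.1}</td>
+ <td>{$item.0|sanitize}</td>
+ <td>{$item.1|sanitize}</td>
 </tr>
 {/foreach}
 </tbody>
@@ -42,8 +42,8 @@
 
 {foreach from=$list.documents item=item}
 <tr class="{cycle values=even,odd}">
- <td>{$item.0}</td>
- <td>{$item.1}</td>
+ <td>{$item.0|sanitize}</td>
+ <td>{$item.1|sanitize}</td>
 </tr>
 {/foreach}
 </tbody>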
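Review bot: The `<img src="…">` on line 1 still writes `{$rootUrl}` and `{$config->get("ui/morphTo")}` into a quoted attribute with no modifier, while the same line now passes `getDisplayName()` through `sanitize`. If either value can be influenced by a request or by a less-trusted administrator, that attribute remains an output-encoding gap, so consider `{$rootUrl|escape:'html'}` and the same on the `morphTo` value. `sanitize` is a project modifier defined outside this page; it is worth confirming that it entity-encodes `<`, `>`, `&` and both quote characters rather than stripping tags, since `$item.0` and `$item.1` in the folder and document rows (lines 20–21 and 45–46) presumably carry user-chosen names. Template lines 5–16 and 25–41 are not shown, so any other `{$…}` output there would need the same check.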