Commit 056e6ef9 authored by Côme Chilliet's avatar Côme Chilliet
Browse files

🚑 fix(management) Escape HTML in tab names in properties column

issue #5135
parent 6663a8c9
......@@ -65,7 +65,7 @@ class PropertiesColumn extends Column
$result .= '<img src="images/empty.png" alt="" class="optional '.$tab['tab'].'"/>';
} else {
$result .= '<input type="image" src="'.htmlentities($tab['icon'], ENT_COMPAT, 'UTF-8').'" '.
'alt="'.$tab['title'].'" title="'.$tab['title'].'" '.
'alt="'.htmlentities($tab['title'], ENT_COMPAT, 'UTF-8').'" title="'.htmlentities($tab['title'], ENT_COMPAT, 'UTF-8').'" '.
'name="listing_edit_tab_'.$tab['tab'].'_'.$entry->row.'"/>';
}
}
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment