Unverified Commit 9f772bc9 authored by Côme Chilliet

:ambulance: fix(core) Escape HTML in fatal error messages

Fixes third XSS from audit

FSA-0021

issue #6135
Showing with 4 additions and 4 deletions
...@@ -169,12 +169,12 @@ class msg_dialog ...@@ -169,12 +169,12 @@ class msg_dialog
'<table style="width:100%; border:2px solid red;"> '<table style="width:100%; border:2px solid red;">
<tr> <tr>
<td style="vertical-align:top;padding:10px"> <td style="vertical-align:top;padding:10px">
<img src="geticon.php?context=status&amp;icon=dialog-error&amp;size=32" alt="'._('Error').'"/> <img src="geticon.php?context=status&amp;icon=dialog-error&amp;size=32" alt="'.htmlentities(_('Error'), ENT_COMPAT, 'UTF-8').'"/>
</td> </td>
<td style="width:100%"> <td style="width:100%">
<b>'.$this->s_Title.'</b><br/> <b>'.htmlentities($this->s_Title, ENT_COMPAT, 'UTF-8').'</b><br/>
'.$this->s_Message.'<br><br/> '.htmlentities($this->s_Message, ENT_COMPAT, 'UTF-8').'<br><br/>
'._('Please fix the above error and reload the page.').' '.htmlentities(_('Please fix the above error and reload the page.'), ENT_COMPAT, 'UTF-8').'
</td> </td>
</tr> </tr>
</table></body></html>'; </table></body></html>';
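Review bot: htmlentities() with ENT_COMPAT and no ENT_SUBSTITUTE returns an empty string when its input is not valid UTF-8, so on the changed lines `'<b>'.htmlentities($this->s_Title, ENT_COMPAT, 'UTF-8').'</b><br/>'` and `'.htmlentities($this->s_Message, ENT_COMPAT, 'UTF-8').'<br><br/>'` a fatal error whose title or message carries a stray non-UTF-8 byte (for example copied from a backend response) would render as an empty red box with no explanation. Consider `ENT_QUOTES | ENT_SUBSTITUTE` (available since PHP 5.4): ENT_SUBSTITUTE replaces invalid sequences with U+FFFD instead of discarding the whole string, and ENT_QUOTES also encodes single quotes, which ENT_COMPAT leaves alone. ENT_COMPAT is adequate for the double-quoted alt="..." attribute on the icon line, but encoding single quotes too keeps the escaping safe if any of these values is later placed in a single-quoted attribute. It is also worth checking that no caller of this dialog passes pre-formatted HTML in $this->s_Message, since any such markup now shows up as literal tags; those callers would need to escape their own inputs before building the message rather than relying on the message being rendered raw.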