Changeset 851 for trunk/Modules/ShoutBox/ShoutBox.php

Timestamp:

Jan 17, 2016, 10:07:13 PM (9 years ago)

Author:

chronos

Message:

• Fixed: Use htmlspecialchars function for user inserted content to avoid breaking page HTML structure. Added for forum, teams, dictionary and profile text.

File:

• trunk/Modules/ShoutBox/ShoutBox.php (modified) (1 diff)

trunk/Modules/ShoutBox/ShoutBox.php

@@ -63 +63 @@
     {
       $SearchQuery = ' AND (`Text` LIKE "%'.$_SESSION['search'].'%")';
-      $Output .= '<div><a href="?search=">'.sprintf(T('Disable filter "%s"'), $_SESSION['search']).'</a></div>';
+      $Output .= '<div><a href="?search=">'.sprintf(T('Disable filter "%s"'), htmlentities($_SESSION['search'])).'</a></div>';
     } else $SearchQuery = '';