Timestamp:
Jan 17, 2016, 10:07:13 PM (8 years ago)
Author:
chronos
Message:
  • Fixed: Use htmlspecialchars function for user inserted content to avoid breaking page HTML structure. Added for forum, teams, dictionary and profile text.
File:
1 edited

  • trunk/Modules/ShoutBox/ShoutBox.php

    r839 r851  
    6363    {
    6464      $SearchQuery = ' AND (`Text` LIKE "%'.$_SESSION['search'].'%")';
    65       $Output .= '<div><a href="?search=">'.sprintf(T('Disable filter "%s"'), $_SESSION['search']).'</a></div>';
     65      $Output .= '<div><a href="?search=">'.sprintf(T('Disable filter "%s"'), htmlentities($_SESSION['search'])).'</a></div>';
    6666    } else $SearchQuery = '';
    6767
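Review bot: Line 64 still concatenates `$_SESSION['search']` straight into the `LIKE` clause, so the same value this change escapes for HTML on line 65 reaches the SQL string unchanged unless it is escaped where it is stored, which is not visible in this hunk. Bind it as a query parameter or run it through the database layer's escaping function, and escape `%` and `_` if wildcard matching is not intended. Separately, the commit message names htmlspecialchars while line 65 calls htmlentities; both are adequate for element text, but using one function consistently and passing the flags and charset explicitly (for example ENT_QUOTES and 'UTF-8') keeps the behaviour independent of PHP version defaults.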