Changeset 3547:f1486a90d72b

Timestamp:

06/29/17 20:04:26 (8 years ago)

Author:

franck <carnet.franck.paul@…>

Branch:

default

Message:

Fix potential XSS, closes #2243

File:

• admin/blog_pref.php (modified) (2 diffs)

admin/blog_pref.php

@@ -614 +614 @@
                     '<p class="form-note warn">'.
                     sprintf(__('The URL of blog or the URL scan method might not be well set (<code>%s</code> return a <strong>%s</strong> status).'),
-                              $file,$status).
+                              html::escapeHTML($file),$status).
                     '</p>';
                } else {
@@ -622 +622 @@
                          '<p class="form-note warn">'.
                          sprintf(__('The URL of blog or the URL scan method might not be well set (<code>%s</code> does not return an ATOM feed).'),
-                                   $file).
+                                   html::escapeHTML($file)).
                          '</p>';
                     }