
XSS in Owners

Test Plan: Display /owners/view/search/ for repository with callsign <i>hack</i>

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, epriestley

Differential Revision: https://secure.phabricator.com/D1549
vrana 2012-02-02 12:17:12 -08:00
parent c3543c80cd
commit 33fb7117ae


@ -214,7 +214,7 @@ class PhabricatorOwnersListController extends PhabricatorOwnersController {
foreach ($pkg_paths as $key => $path) {
$repo = $handles[$path->getRepositoryPHID()]->getName();
$pkg_paths[$key] =
'<strong>'.$repo.'</strong> '.
'<strong>'.phutil_escape_html($repo).'</strong> '.
phutil_escape_html($path->getPath());
}
$pkg_paths = implode('<br />', $pkg_paths);
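Review bot: The loop still overwrites each `$pkg_paths` entry, which starts as a path object, with a hand-concatenated HTML string, so one variable holds raw objects and trusted markup at different points and a missed escape like the one fixed here is easy to reintroduce. Collecting the rendered rows in a separate array, e.g. `$path_rows[] = '<strong>'.phutil_escape_html($repo).'</strong> '.phutil_escape_html($path->getPath());`, and adding `// Each row is already HTML-escaped; the implode() result is emitted as markup.` above the `implode('<br />', ...)` line would make the invariant explicit. The handle name returned by `getName()` is presumably rendered elsewhere in this controller too, so those call sites deserve the same check; the enclosing method starts and ends outside the hunk, so that cannot be confirmed from here.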