mirror of
https://we.phorge.it/source/phorge.git
synced 2024-12-19 03:50:54 +01:00
XSS in Owners
Test Plan: Display /owners/view/search/ for repository with callsign <i>hack</i> Reviewers: epriestley Reviewed By: epriestley CC: aran, epriestley Differential Revision: https://secure.phabricator.com/D1549
This commit is contained in:
parent
c3543c80cd
commit
33fb7117ae
1 changed files with 1 additions and 1 deletions
|
@ -214,7 +214,7 @@ class PhabricatorOwnersListController extends PhabricatorOwnersController {
|
|||
foreach ($pkg_paths as $key => $path) {
|
||||
$repo = $handles[$path->getRepositoryPHID()]->getName();
|
||||
$pkg_paths[$key] =
|
||||
'<strong>'.$repo.'</strong> '.
|
||||
'<strong>'.phutil_escape_html($repo).'</strong> '.
|
||||
phutil_escape_html($path->getPath());
|
||||
}
|
||||
$pkg_paths = implode('<br />', $pkg_paths);
|
||||
|
|
Loading…
Reference in a new issue