revi-archive/phorge-phorge
1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-11-18 21:02:41 +01:00
Code Issues Releases Wiki Activity

XSS in Owners

Browse source 
Test Plan: Display /owners/view/search/ for repository with callsign <i>hack</i>

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, epriestley

Differential Revision: https://secure.phabricator.com/D1549
This commit is contained in:
vrana 2012-02-02 12:17:12 -08:00
parent c3543c80cd
commit 33fb7117ae
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
src/applications/owners/controller/list/PhabricatorOwnersListController.php
View file

@ -214,7 +214,7 @@ class PhabricatorOwnersListController extends PhabricatorOwnersController {
foreach ($pkg_paths as $key => $path) { foreach ($pkg_paths as $key => $path) {
$repo = $handles[$path->getRepositoryPHID()]->getName(); $repo = $handles[$path->getRepositoryPHID()]->getName();
$pkg_paths[$key] = $pkg_paths[$key] =
'<strong>'.$repo.'</strong> '. '<strong>'.phutil_escape_html($repo).'</strong> '.
phutil_escape_html($path->getPath()); phutil_escape_html($path->getPath());
} }
$pkg_paths = implode('<br />', $pkg_paths); $pkg_paths = implode('<br />', $pkg_paths);