security/core#32 Fix Reflected XSS in Logging Detail report

author Seamus Lee <seamuslee001@gmail.com>

Sun, 30 Dec 2018 01:09:45 +0000 (12:09 +1100)

committer Seamus Lee <seamuslee001@gmail.com>

Fri, 22 Feb 2019 00:07:39 +0000 (11:07 +1100)
author Seamus Lee <seamuslee001@gmail.com>
Sun, 30 Dec 2018 01:09:45 +0000 (12:09 +1100)
committer Seamus Lee <seamuslee001@gmail.com>
Fri, 22 Feb 2019 00:07:39 +0000 (11:07 +1100)
diff --git a/templates/CRM/Logging/ReportDetail.tpl b/templates/CRM/Logging/ReportDetail.tpl

index 1cd5ed2a64ac3f2c6f8dbe1ccae5be23e8baac9d..0c23360c848e630c50645695b3db43359fdd68f0 100644 (file)
--- a/templates/CRM/Logging/ReportDetail.tpl
+++ b/templates/CRM/Logging/ReportDetail.tpl
@@ -35,7 +35,7 @@
          </dl>
        </div>
      {/if}
-    <p>{ts 1=$whom_url 2=$whom_name 3=$who_url 4=$who_name 5=$log_date}Change to <a href='%1'>%2</a> made by <a href='%3'>%4</a> on %5:{/ts}</p>
+    <p>{ts 1=$whom_url 2=$whom_name|escape 3=$who_url 4=$who_name|escape 5=$log_date}Change to <a href='%1'>%2</a> made by <a href='%3'>%4</a> on %5:{/ts}</p>
      {if $layout eq 'overlay'}
        {include file="CRM/Report/Form/Layout/Overlay.tpl"}
      {else}
author	Seamus Lee <seamuslee001@gmail.com>
	Sun, 30 Dec 2018 01:09:45 +0000 (12:09 +1100)
committer	Seamus Lee <seamuslee001@gmail.com>
	Fri, 22 Feb 2019 00:07:39 +0000 (11:07 +1100)