projects / civicrm-core.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: ee21bfd)
security/core#96 Escape the profile description field
authorSeamus Lee <seamuslee001@gmail.com>
Wed, 5 Aug 2020 23:46:33 +0000 (09:46 +1000)
committerSeamus Lee <seamuslee001@gmail.com>
Wed, 19 Aug 2020 06:16:57 +0000 (16:16 +1000)
templates/CRM/UF/Page/Group.tpl patch | blob | blame | history

diff --git a/templates/CRM/UF/Page/Group.tpl b/templates/CRM/UF/Page/Group.tpl
index 1eb5ee8ef0a9a609f65ad607f1a9578e417017de..eb25d0e9b73f10cb2ce39299bcd8451d04a11729 100644 (file)
--- a/templates/CRM/UF/Page/Group.tpl
+++ b/templates/CRM/UF/Page/Group.tpl
@@ -77,7 +77,7 @@
                     <a href="{crmURL p='civicrm/contact/view' q="reset=1&cid=`$row.created_id`"}">{ts}{$row.created_by}{/ts}</a>
                   {/if}
                 </td>
-                <td class="crmf-description crm-editable" data-type="textarea">{$row.description}</td>
+                <td class="crmf-description crm-editable" data-type="textarea">{$row.description|escape}</td>
                 <td>{$row.group_type}</td>
                 <td>{$row.id}</td>
                 <td>{$row.module}</td>
@@ -122,7 +122,7 @@
                     <a href="{crmURL p='civicrm/contact/view' q="reset=1&cid=`$row.created_id`"}">{ts}{$row.created_by}{/ts}</a>
                   {/if}
                 </td>
-                <td>{$row.description}</td>
+                <td>{$row.description|escape}</td>
                 <td>{$row.group_type}</td>
                 <td>{$row.id}</td>
                 <td>{$row.module}</td>