From: Seamus Lee <seamuslee001@gmail.com>
Date: Sun, 30 Dec 2018 01:09:45 +0000 (+1100)
Subject: security/core#32 Fix Reflected XSS in Logging Detail report
X-Git-Url: https://vcs.fsf.org/?a=commitdiff_plain;h=5078188767930525538e1ccd2ffb60109655436b;p=civicrm-core.git

security/core#32 Fix Reflected XSS in Logging Detail report
---

diff --git a/templates/CRM/Logging/ReportDetail.tpl b/templates/CRM/Logging/ReportDetail.tpl
index 1cd5ed2a64..0c23360c84 100644
--- a/templates/CRM/Logging/ReportDetail.tpl
+++ b/templates/CRM/Logging/ReportDetail.tpl
@@ -35,7 +35,7 @@
         </dl>
       </div>
     {/if}
-    <p>{ts 1=$whom_url 2=$whom_name 3=$who_url 4=$who_name 5=$log_date}Change to <a href='%1'>%2</a> made by <a href='%3'>%4</a> on %5:{/ts}</p>
+    <p>{ts 1=$whom_url 2=$whom_name|escape 3=$who_url 4=$who_name|escape 5=$log_date}Change to <a href='%1'>%2</a> made by <a href='%3'>%4</a> on %5:{/ts}</p>
     {if $layout eq 'overlay'}
       {include file="CRM/Report/Form/Layout/Overlay.tpl"}
     {else}