From: Mattias Michaux <mattias.michaux@gmail.com>
Date: Thu, 17 Mar 2016 07:14:12 +0000 (+1300)
Subject: CRM-17952. Escape HTML in body_text field on "Headers, Footers, and Automated Messages"
X-Git-Url: https://vcs.fsf.org/?a=commitdiff_plain;h=8a06492a142e7c508f562f426bf8b75d4ee92ff0;p=civicrm-core.git

CRM-17952. Escape HTML in body_text field on "Headers, Footers, and Automated Messages"
---

diff --git a/templates/CRM/Mailing/Page/Component.tpl b/templates/CRM/Mailing/Page/Component.tpl
index 0a1bb06eac..d615d49219 100644
--- a/templates/CRM/Mailing/Page/Component.tpl
+++ b/templates/CRM/Mailing/Page/Component.tpl
@@ -49,7 +49,7 @@
            <td class="crm-editable" data-field="name">{$row.name}</td>
            <td>{$row.component_type}</td>
            <td>{$row.subject}</td>
-           <td>{$row.body_text}</td>
+           <td>{$row.body_text|escape}</td>
            <td>{$row.body_html|escape}</td>
            <td>{if $row.is_default eq 1}<img src="{$config->resourceBase}i/check.gif" alt="{ts}Default{/ts}" />{/if}&nbsp;</td>
      <td id="row_{$row.id}_status">{if $row.is_active eq 1} {ts}Yes{/ts} {else} {ts}No{/ts} {/if}</td>