From ecd4e25058e413520c96f99d3a61821ff1c7d594 Mon Sep 17 00:00:00 2001
From: Seamus Lee
Date: Sun, 30 Dec 2018 12:09:45 +1100
Subject: [PATCH] security/core#32 Fix Reflected XSS in Logging Detail report
---
templates/CRM/Logging/ReportDetail.tpl | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/templates/CRM/Logging/ReportDetail.tpl b/templates/CRM/Logging/ReportDetail.tpl
index 1cd5ed2a64..0c23360c84 100644
--- a/templates/CRM/Logging/ReportDetail.tpl
+++ b/templates/CRM/Logging/ReportDetail.tpl
@@ -35,7 +35,7 @@ {/if} -

{ts 1=$whom_url 2=$whom_name 3=$who_url 4=$who_name 5=$log_date}Change to %2 made by %4 on %5:{/ts}

+

{ts 1=$whom_url 2=$whom_name|escape 3=$who_url 4=$who_name|escape 5=$log_date}Change to %2 made by %4 on %5:{/ts}

{if $layout eq 'overlay'} {include file="CRM/Report/Form/Layout/Overlay.tpl"} {else} -- 2.25.1
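Review bot: On the new `{ts}` line only arguments 2 and 4 get `|escape`; `$whom_url`, `$who_url` and `$log_date` (arguments 1, 3 and 5) are still passed through raw. The markup around the placeholders is stripped in this view, so it is not visible whether %1 and %3 end up inside `href` attributes, but if any of these three can carry request-derived data the same reflected-XSS class remains on this line. I would confirm in the report class (outside this hunk) that both URLs are built server-side and that the date is validated, and otherwise encode them here too, e.g. `5=$log_date|escape`, taking care not to double-encode a URL that is already HTML-escaped. A short Smarty comment above the line, such as `{* who_name/whom_name may carry untrusted text; keep |escape *}`, would record why the modifier must stay.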