Making default bake templates escape HTML. Fixes #1186

cakephp · Oct 24, 2010 · c6c3295 · c6c3295
1 parent eb3cc3d
commit c6c3295
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 2 deletions.
diff --git a/cake/console/templates/default/views/index.ctp b/cake/console/templates/default/views/index.ctp
@@ -48,7 +48,7 @@
 				}
 			}
 			if ($isKey !== true) {
-				echo "\t\t<td><?php echo \${$singularVar}['{$modelClass}']['{$field}']; ?>&nbsp;</td>\n";
+				echo "\t\t<td><?php echo h(\${$singularVar}['{$modelClass}']['{$field}']); ?>&nbsp;</td>\n";
 			}
 		}
 

diff --git a/cake/console/templates/default/views/view.ctp b/cake/console/templates/default/views/view.ctp
@@ -35,7 +35,7 @@ foreach ($fields as $field) {
 	}
 	if ($isKey !== true) {
 		echo "\t\t<dt<?php if (\$i % 2 == 0) echo \$class;?>><?php echo __('" . Inflector::humanize($field) . "'); ?></dt>\n";
-		echo "\t\t<dd<?php if (\$i++ % 2 == 0) echo \$class;?>>\n\t\t\t<?php echo \${$singularVar}['{$modelClass}']['{$field}']; ?>\n\t\t\t&nbsp;\n\t\t</dd>\n";
+		echo "\t\t<dd<?php if (\$i++ % 2 == 0) echo \$class;?>>\n\t\t\t<?php echo h(\${$singularVar}['{$modelClass}']['{$field}']); ?>\n\t\t\t&nbsp;\n\t\t</dd>\n";
 	}
 }
 ?>