From 14c71c098a2cc9707f0b99cf7a9ee66d9a7f229c Mon Sep 17 00:00:00 2001
From: Mike Ho
Date: Mon, 18 Jul 2011 06:42:45 -0700
Subject: [PATCH] Fixed potential xss vulnerability
---
 includes/qcodo/_core/qform/QFormBase.class.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/includes/qcodo/_core/qform/QFormBase.class.php b/includes/qcodo/_core/qform/QFormBase.class.php
index c220b446..dd29f34d 100644
--- includes/qcodo/_core/qform/QFormBase.class.php
+++ includes/qcodo/_core/qform/QFormBase.class.php
@@ -908,7 +908,7 @@ protected function RenderBegin($blnDisplayOutput = true) {
 $strFormAttributes .= ' class="' . $this->strCssClass . '"';
 // Setup Rendered HTML
- $strToReturn .= sprintf('
', $this->strFormId, QApplication::$RequestUri, $strFormAttributes);
+ $strToReturn .= sprintf('', $this->strFormId, QApplication::HtmlEntities(QApplication::$RequestUri), $strFormAttributes);
 $strToReturn .= "\r\n";
 // Include javascripts that need to be included
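Review bot: The escaping added on the `+` line only closes the hole if `QApplication::HtmlEntities` encodes the quote character that delimits the `action` attribute, and neither the helper's body nor the `sprintf` format string is visible in this hunk (the string literal appears to have been stripped on this page). If the helper wraps `htmlentities()` without `ENT_QUOTES`, a single-quoted attribute would still be open to attribute breakout, so confirm the template uses double quotes or pass `ENT_QUOTES` in the helper. A short comment above the call would keep the escape from being removed later, e.g. `// RequestUri is client-controlled; encode for the HTML attribute context`. The context line that concatenates `$this->strCssClass` into `class="…"` is unescaped as well; that value is presumably developer-set, but it is worth confirming. `RenderBegin` starts and ends outside the hunk, so any other use of `QApplication::$RequestUri` in it cannot be checked from here.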