Fixed issue [security]: #15094 XSS in Boxes (thanks to Michele Cisternino)

Reported by Michele Cisternino https://www.linkedin.com/in/michelecisternino/
Dev: encode always encode …
Shnoulle committed Aug 2, 2019
1 parent 0b7391d commit f2566f6
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions application/extensions/PanelBoxWidget/views/box.php
@@ -1,7 +1,7 @@
<div class="<?php echo $sizeClass; ?> ls-flex-column ls-panelboxes-panelbox text-primary" >
<div class="panel panel-primary panel-clickable ls-panelboxes-panelbox-inner selector__<?=str_replace(' ', '_', strtolower($title))?>"
<div class="panel panel-primary panel-clickable ls-panelboxes-panelbox-inner selector__<?php echo CHtml::encode(str_replace(' ', '_', strtolower(strip_tags($title)))) ?>"
id="panel-<?php echo $position; ?>"
data-url="<?php echo $url; ?>"
data-url="<?php echo CHtml::encode($url); ?>"
<?php if ($external): ?>
data-target="_blank"
<?php endif; ?>
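Review bot: The `id="panel-<?php echo $position; ?>"` line and the `$sizeClass` echo in the outer div's class attribute are still written out raw, while the two attributes changed here now go through CHtml::encode. If either value can originate from the same box settings as $title and $url, wrap it in CHtml::encode too (or cast $position with (int) if it is always numeric), so the whole template follows the "always encode" rule from the commit message. Separately, CHtml::encode on data-url stops the value from breaking out of the attribute but does not constrain the URL scheme; if the panel-clickable handler navigates to that value, a scheme check where the URL is stored or rendered would be worth adding.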