
Commit 586cca3

committed
fix: [security] Fix to a reflected XSS in the default layout template
- as reported by Tuscany Internet eXchange | Misp Team | TIX CyberSecurity
1 parent 823ea74 commit 586cca3


1 file changed

+2
-2
lines changed


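--- a/app/View/Layouts/default.ctp
+++ b/app/View/Layouts/default.ctp
@@ -101,9 +101,9 @@
 var baseurl = '<?php echo $baseurl; ?>';
 var here = '<?php
 if (substr($this->params['action'], 0, 6) === 'admin_') {
-echo $baseurl . '/admin/' . $this->params['controller'] . '/' . substr($this->params['action'], 6);
+echo $baseurl . '/admin/' . h($this->params['controller']) . '/' . h(substr($this->params['action'], 6));
 } else {
-echo $baseurl . '/' . $this->params['controller'] . '/' . $this->params['action'];
+echo $baseurl . '/' . h($this->params['controller']) . '/' . h($this->params['action']);
 }
 ?>';
 $(document).ready(function(){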
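Review bot: The new `h()` calls on lines 104 and 106 apply HTML-entity encoding inside a JavaScript string literal, which is the wrong encoder for that context: the browser does not entity-decode script content, so a controller or action name containing `'` ends up as the literal text `&#039;` in `here`, while characters that matter only to the JS parser (backslash, U+2028/U+2029) are not handled at all. The quote and angle-bracket breakouts are blocked, so the reported reflected XSS is closed, but the value is silently corrupted or the literal left malformed for such inputs. Building the path in PHP and emitting it with `json_encode()` and the `JSON_HEX_*` flags gives JS-context encoding and removes the hand-quoted literal; `$baseurl` is still interpolated unescaped here and on line 101, presumably as a trusted config value — worth confirming. The enclosing `<script>` element starts before the hunk.
```php
var here = <?php
if (substr($this->params['action'], 0, 6) === 'admin_') {
    $hereUrl = $baseurl . '/admin/' . $this->params['controller'] . '/' . substr($this->params['action'], 6);
} else {
    $hereUrl = $baseurl . '/' . $this->params['controller'] . '/' . $this->params['action'];
}
// JS-context encoding: JSON_HEX_* keeps <, >, ', " and & out of the emitted literal
echo json_encode($hereUrl, JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP);
?>;
// … unchanged: $(document).ready(...) …
```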
