サニタイズ漏れ

NetCommons3 · Aug 27, 2016 · 917cf5a · 917cf5a
1 parent 697de5f
commit 917cf5a
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/View/Helper/UserEditFormHelper.php b/View/Helper/UserEditFormHelper.php
@@ -297,7 +297,7 @@ private function __input($fieldName, $userAttribute, $languageId = null) {
 			);
 		}
 
-		$attributes['help'] = Hash::get($userAttribute, 'UserAttribute.description', '');
+		$attributes['help'] = h(Hash::get($userAttribute, 'UserAttribute.description', ''));
 		$html .= $this->__inputDataType($fieldName, $userAttribute, $attributes);
 
 		return $html;