Merge pull request from GHSA-prrh-qvhf-x788

Escape username
PrestaShop · Aug 31, 2022 · 314456d · 314456d
2 parents 7a03fd0 + 2b57977
commit 314456d
Showing 1 changed file with 1 addition and 0 deletions.
diff --git a/productcomments.php b/productcomments.php
@@ -677,6 +677,7 @@ public function getStandardFieldList()
      */
     public function renderAuthorName($value, $row)
     {
+        $value = htmlentities($value);
         if (!empty($row['customer_id'])) {
             $linkToCustomerProfile = $this->context->link->getAdminLink('AdminCustomers', false, [], [
                 'id_customer' => $row['customer_id'],