Skip to content
Permalink
Browse files Browse the repository at this point in the history
Merge pull request from GHSA-vwfx-hh3w-fj99
Escape newsletter condition field
  • Loading branch information
atomiix committed Mar 30, 2021
2 parents 5da9c45 + 99bd909 commit 664ffb2
Show file tree
Hide file tree
Showing 4 changed files with 6 additions and 4 deletions.
4 changes: 3 additions & 1 deletion ps_emailsubscription.php
Expand Up @@ -977,7 +977,9 @@ public function hookAdditionalCustomerFormFields($params)
array(
'[1]' => '<br>',
'[2]' => '<em>',
'%conditions%' => Configuration::get('NW_CONDITIONS', $this->context->language->id),
'%conditions%' => Tools::htmlentitiesUTF8(
Configuration::get('NW_CONDITIONS', $this->context->language->id)
),
'[/2]' => '</em>',
),
'Modules.Emailsubscription.Shop'
Expand Down
2 changes: 1 addition & 1 deletion views/templates/front/subscription_execution.tpl
Expand Up @@ -32,7 +32,7 @@
</p>

{if $variables.conditions}
<p>{$variables.conditions nofilter}</p>
<p>{$variables.conditions}</p>
{/if}

{/block}
Expand Down
2 changes: 1 addition & 1 deletion views/templates/hook/ps_emailsubscription-column.tpl
Expand Up @@ -31,7 +31,7 @@
<form action="{$urls.current_url}#blockEmailSubscription_{$hookName}" method="post">
<input type="email" name="email" value="{$value}" placeholder="{l s='Your e-mail' d='Modules.Emailsubscription.Shop'}" required />
{if $conditions}
<p>{$conditions nofilter}</p>
<p>{$conditions}</p>
{/if}
{hook h='displayNewsletterRegistration'}
<input type="hidden" name="blockHookName" value="{$hookName}" />
Expand Down
2 changes: 1 addition & 1 deletion views/templates/hook/ps_emailsubscription.tpl
Expand Up @@ -31,7 +31,7 @@
<form action="{$urls.current_url}#blockEmailSubscription_{$hookName}" method="post">
<input type="email" name="email" value="{$value}" placeholder="{l s='Your e-mail' d='Modules.Emailsubscription.Shop'}" required />
{if $conditions}
<p>{$conditions nofilter}</p>
<p>{$conditions}</p>
{/if}
{hook h='displayNewsletterRegistration'}
<input type="hidden" value="{$hookName}" name="blockHookName" />
Expand Down

0 comments on commit 664ffb2

Please sign in to comment.