Permalink
Browse files

Fixed a potential cross-site scripting issue on the module view add p…

…age.

Thanks to High-Tech Bridge Security Research Lab for finding this and the Cross-Site Request Forgery issues.
  • Loading branch information...
1 parent 4b0faa9 commit 8a59c2e13f8e151b6a9e98f73e641e1ec8d928df @timbuckingham timbuckingham committed Jul 17, 2013
Showing with 1 addition and 1 deletion.
  1. +1 −1 core/admin/modules/developer/modules/views/add.php
@@ -1,5 +1,5 @@
<?
- $id = $_GET["module"];
+ $id = htmlspecialchars($_GET["module"]);
$table = isset($_GET["table"]) ? $_GET["table"] : "";
$title = isset($_GET["title"]) ? htmlspecialchars($_GET["title"]) : "";

0 comments on commit 8a59c2e

Please sign in to comment.