Fixed a potential XSS vulnerability.
Thanks JPCERT for reporting it to us.
xhezairbey committed Nov 17, 2014
1 parent 8172f73 commit 43d1b6b
Showing 1 changed file with 3 additions and 3 deletions.
6 changes: 3 additions & 3 deletions admin/themes/default/pages/manage_users.twig
Expand Up @@ -39,14 +39,14 @@
<tr id="user_$user.id" class="user{% if loop.last %} last{% endif %}">
<td class="main">
{% if user.full_name != "" %}
<a href="mailto:$user.email">$user.full_name</a> <span class="sub">($user.login)</span>
<a href="mailto:${ user.email | escape }">$user.full_name</a> <span class="sub">($user.login)</span>
{% else %}
<a href="mailto:$user.email">$user.login</a>
<a href="mailto:${ user.email | escape }">$user.login</a>
{% endif %}
</td>
<td>${ user.group.name | escape }</td>
<td>${ user.joined_at | strftime }</td>
<td>{% if user.website != "" %}<a href="$user.website">$user.website</a>{% endif %}</td>
<td>{% if user.website != "" %}<a href="${ user.website | escape }">$user.website</a>{% endif %}</td>
${ trigger.call("manage_users_column", user) }
{% if user.editable and user.deletable %}
<td class="controls">${ user.edit_link('<img src="'~ theme_url ~'/images/icons/edit.svg" alt="edit" /> '~("edit" | translate)) }</td>
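Review bot: the link text of the three anchors touched here is still emitted raw (`$user.full_name`, `$user.login` and the second `$user.website`), so only the attribute half of each sink is escaped. The unchanged `${ user.group.name | escape }` cell in the same row shows that text nodes in this template are escaped explicitly, so I would apply the filter to the anchor bodies too, for example `<a href="${ user.website | escape }">${ user.website | escape }</a>`. Separately, HTML-escaping the website `href` does not constrain the URL scheme, so a `javascript:` value would still render as a clickable link in the admin view; consider restricting the website field to http/https when it is saved or before it is rendered.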
