better fix security vulnerability in editor preview; reported by fyth
dleffler committed Nov 3, 2016
1 parent 3b3557e commit 0ce8b94
Showing 1 changed file with 3 additions and 1 deletion.
@@ -62,6 +62,8 @@ function __construct($src = null, $params = array())
parent:: __construct($src, $params);
if (empty($this->params['editor'])) {
$this->params['editor'] = SITE_WYSIWYG_EDITOR;
} else {
$this->params['editor'] = preg_replace("/[^[:alnum:][:space:]]/u", '', $this->params['editor']);
}
}

@@ -171,7 +173,7 @@ function preview()
$demo->skin = 'lightgray';
}
} else {
$demo = self::getEditorSettings($this->params['id'], expString::escape($this->params['editor']));
$demo = self::getEditorSettings($this->params['id'], $this->params['editor']);
}
assign_to_template(
array(
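Review bot: In the constructor hunk the new `else` branch can leave `$this->params['editor']` empty or `null`, because the `SITE_WYSIWYG_EDITOR` default is applied only before filtering: `preg_replace` with the `/u` modifier returns `null` when the subject is not valid UTF-8, and a value made up only of stripped characters collapses to `''`. Filtering first and defaulting afterwards closes that gap, e.g. `$editor = is_string($this->params['editor'] ?? null) ? preg_replace("/[^[:alnum:][:space:]]/u", '', $this->params['editor']) : null;` followed by `$this->params['editor'] = empty($editor) ? SITE_WYSIWYG_EDITOR : $editor;`. In the `preview()` hunk the call to `getEditorSettings()` appears to lose `expString::escape()` and so relies entirely on that constructor filter; `getEditorSettings()` is not visible here, so if it builds a query from its arguments, keeping the escape (or binding the value) at the call site and giving `$this->params['id']` the same treatment would be cheap defence in depth. If the editor name is meant to be one of a fixed set, comparing it against that list would be tighter than a character filter that still admits whitespace. Both function bodies continue outside the hunks.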