Skip to content
Permalink
Browse files Browse the repository at this point in the history
Fixed #019245: XSS exploit on eZJSCore RUN command
  • Loading branch information
andrerom committed May 9, 2012
1 parent 14f315a commit 5885456
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion classes/ezjscajaxcontent.php
Expand Up @@ -127,7 +127,7 @@ public static function textEncode( $mix )
if ( is_array( $mix ) )
return implode(',', array_map( array('ezjscAjaxContent', 'textEncode'), array_filter( $mix ) ) );

return $mix;
return htmlspecialchars( $mix );
}

/**
Expand Down

0 comments on commit 5885456

Please sign in to comment.