Commit 8fa74dd

author
Bauffman
committed
Disallow html in the report.
1 parent b882e5a commit 8fa74dd

1 file changed

+1
-1
lines changed


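--- a/backend/core/engine/base.php
+++ b/backend/core/engine/base.php
@@ -148,7 +148,7 @@ public function execute()
 $this->tpl->assign('report', true);
 
 // camelcase the string
-$messageName = SpoonFilter::toCamelCase($this->getParameter('report'), '-');
+$messageName = strip_tags(SpoonFilter::toCamelCase($this->getParameter('report'), '-'));
 
 // if we have data to use it will be passed as the var parameter
 if(!empty($var)) $this->tpl->assign('reportMessage', vsprintf(BL::msg($messageName), $var));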
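Review bot: strip_tags() on the new line 151 is a tag filter, not an output encoder: it leaves quotes, `&` and unterminated `<` fragments in place, so the value is only safe if every template that prints it also escapes it for its context. Because `$messageName` is used as a lookup key for `BL::msg()`, an allow-list is tighter than tag stripping, e.g. `$messageName = preg_replace('/[^A-Za-z0-9]/', '', SpoonFilter::toCamelCase($this->getParameter('report'), '-'));` (assuming message keys are purely alphanumeric). The `$var` value formatted into `reportMessage` on line 154 looks like it also comes from the request; where it is sanitised is not visible in this hunk and should be checked the same way. execute() starts and ends outside the hunk.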
