Disallow html in the report.
Bauffman committed Feb 14, 2012
1 parent b882e5a commit 8fa74dd
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion backend/core/engine/base.php
Expand Up @@ -148,7 +148,7 @@ public function execute()
$this->tpl->assign('report', true);

// camelcase the string
$messageName = SpoonFilter::toCamelCase($this->getParameter('report'), '-');
$messageName = strip_tags(SpoonFilter::toCamelCase($this->getParameter('report'), '-'));

// if we have data to use it will be passed as the var parameter
if(!empty($var)) $this->tpl->assign('reportMessage', vsprintf(BL::msg($messageName), $var));
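Review bot: `strip_tags()` on the `$messageName` line removes markup but leaves quotes and `&` untouched, so it only protects the report message if the value ends up in an HTML text context rather than an attribute. Because this value is a lookup key taken from the `report` request parameter, restricting it to the expected characters would be stricter; assuming message names are alphanumeric, that would be `$messageName = preg_replace('/[^A-Za-z0-9]/', '', SpoonFilter::toCamelCase($this->getParameter('report'), '-'));`. The `$var` values passed to `vsprintf()` on the last line of the hunk also flow into `reportMessage`, and nothing visible here filters them; if they come from the request, as the comment above that line suggests, they need escaping with `htmlspecialchars($value, ENT_QUOTES, 'UTF-8')` before assignment. `execute()` starts and ends outside the hunk, so some of this may already be handled elsewhere.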