Bug: 14857
Prevent XSS in event's URL field.
mrubinsk committed Sep 25, 2018
1 parent c6a1c8b commit 09d9014
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions lib/Event.php
Expand Up @@ -2402,8 +2402,8 @@ public function toJson($allDay = null, $full = false, $time_format = 'H:i')
}
if (!$this->isPrivate()) {
$json->d = $this->description;
$json->u = $this->url;
$json->uhl = $GLOBALS['injector']->getInstance('Horde_Core_Factory_TextFilter')->filter($this->url, 'linkurls');
$json->u = htmlentities($this->url);
$json->uhl = htmlentities($GLOBALS['injector']->getInstance('Horde_Core_Factory_TextFilter')->filter($this->url, 'linkurls'));
$json->tg = array_values($this->tags);
$json->gl = $this->geoLocation;
if ($this->attendees) {
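Review bot: Both new assignments call `htmlentities()` with no flags or charset, so on PHP versions before 8.1 single quotes are left unescaped and the charset follows the runtime default; `$json->u = htmlspecialchars($this->url, ENT_QUOTES, 'UTF-8');` would make the escaping explicit. Entity-encoding also does not restrict the URL scheme, so if the client places `u` in an `href`, a scheme other than http(s) would still pass through; a scheme allow-list where the URL is stored or serialized would cover that (how the client consumes `u` is not visible here). On the `uhl` line the escape wraps the output of the `linkurls` filter, which presumably returns anchor markup, so the client may now receive escaped tags instead of a link; this is worth confirming against the consuming JavaScript. toJson() begins and ends outside this hunk.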
