Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

Fix XSS in error tag display of failed submissions

  • Loading branch information...
commit bea662dbb16afad9c683774f10c0046abc1735f9 1 parent d91d3e1
@perusionjosh perusionjosh authored
Showing with 3 additions and 0 deletions.
  1. +3 −0  code/SystemTag/error.coretag
View
3  code/SystemTag/error.coretag
@@ -43,6 +43,9 @@ sub tag_error {
}
return set_error($error, $var, $opt);
}
+ unless(defined $opt->{filter}) {
+ $opt->{filter} = 'encode_entities';
+ }
my $err_ref = $Vend::Session->{errors};
my $text;
my @errors;
Please sign in to comment.
Something went wrong with that request. Please try again.