
[XSS fixed] remove COM_getCurrentURL() in article/article.thtml

ivywe committed Aug 16, 2016
1 parent beba390 commit 41f4677e2eaa587b80eb9801150c1b402344c43d
Showing with 2 additions and 2 deletions.
  1. +2 −2 public_html/layout/default/article/article.thtml
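--- a/public_html/layout/default/article/article.thtml
+++ b/public_html/layout/default/article/article.thtml
@@ -2,8 +2,8 @@
 
 <ul class="uk-subnav uk-flex-right uk-margin-remove">
 <li><g:plusone href="{site_url}/article.php/{story_id}"></g:plusone></li>
-<li><a class="twitter-share-button" data-url="<?php echo COM_getCurrentURL(); ?>" href="https://twitter.com/intent/tweet?text={story_title}" data-lang="ja">Tweet</a></li>
-<li><iframe src="//www.facebook.com/plugins/like.php?href=<?php echo urlencode(COM_getCurrentURL()); ?>&amp;width=150&amp;height=20&amp;colorscheme=light&amp;layout=button_count&amp;action=like&amp;show_faces=true&amp;send=true&amp;appId={!!autotag conf:facebook_consumer_key !!}" scrolling="no" frameborder="0" style="border:none; overflow:hidden; width:150px; height:20px;" allowTransparency="true"></iframe></li>
+<li><a class="twitter-share-button" data-url="{site_url}/article.php/{story_id}" href="https://twitter.com/intent/tweet?text={story_title}" data-lang="ja">Tweet</a></li>
+<li><iframe src="//www.facebook.com/plugins/like.php?href={site_url}/article.php/{story_id}&amp;width=150&amp;height=20&amp;colorscheme=light&amp;layout=button_count&amp;action=like&amp;show_faces=true&amp;send=true&amp;appId={!!autotag conf:facebook_consumer_key !!}" scrolling="no" frameborder="0" style="border:none; overflow:hidden; width:150px; height:20px;" allowTransparency="true"></iframe></li>
 </ul>
 
 <div class="article">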
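Review bot: The new Facebook iframe `src` puts `{site_url}/article.php/{story_id}` into the `href=` query parameter raw, whereas the removed line wrapped the URL in `urlencode()`; any `&`, `?` or `#` in the substituted value would be read as part of the like.php query instead of the shared URL. Dropping the request-derived `COM_getCurrentURL()` takes reflected input out of the template, but the replacement value should still be percent-encoded for the query context and HTML-escaped for the attribute, ideally by having the PHP side set a pre-encoded template variable (hypothetical name `{story_url_encoded}`) and using that here. The same concern applies to `text={story_title}` in the Twitter link, which is unchanged between the old and new line; whether the template engine already escapes that variable is not visible in this hunk and is worth confirming. The template continues beyond the hunk.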
