Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
Fix XSS issue for FAQ user posted content
  • Loading branch information
remdex committed Jun 14, 2021
1 parent 7a3debf commit 5328d4a
Showing 1 changed file with 5 additions and 5 deletions.
10 changes: 5 additions & 5 deletions lhc_web/design/defaulttheme/tpl/lhfaq/form.tpl.php
Expand Up @@ -2,27 +2,27 @@

<div class="form-group">
<label><?php echo erTranslationClassLhTranslation::getInstance()->getTranslation('faq/new','Question');?></label>
<textarea class="form-control" rows="5" cols="50" name="question"><?php echo htmlspecialchars($faq->question)?></textarea>
<textarea ng-non-bindable class="form-control" rows="5" cols="50" name="question"><?php echo htmlspecialchars($faq->question)?></textarea>
</div>

<div class="form-group">
<label><?php echo erTranslationClassLhTranslation::getInstance()->getTranslation('faq/new','Answer');?></label>
<textarea class="form-control" rows="5" cols="50" name="answer"><?php echo htmlspecialchars($faq->answer)?></textarea>
<textarea ng-non-bindable class="form-control" rows="5" cols="50" name="answer"><?php echo htmlspecialchars($faq->answer)?></textarea>
</div>

<div class="form-group">
<label><?php echo erTranslationClassLhTranslation::getInstance()->getTranslation('faq/new','URL, enter * at the end for the wildcard');?>:</label>
<input type="text" class="form-control" name="URL" value="<?php echo htmlspecialchars($faq->url)?>" placeholder="<?php echo erTranslationClassLhTranslation::getInstance()->getTranslation('faq/new','The URL where this question should appear, leave it empty for all');?>">
<input ng-non-bindable type="text" class="form-control" name="URL" value="<?php echo htmlspecialchars($faq->url)?>" placeholder="<?php echo erTranslationClassLhTranslation::getInstance()->getTranslation('faq/new','The URL where this question should appear, leave it empty for all');?>">
</div>

<div class="form-group">
<label><?php echo erTranslationClassLhTranslation::getInstance()->getTranslation('faq/new','Submitter e-mail');?>:</label>
<input class="form-control" type="text" name="Email" value="<?php echo htmlspecialchars($faq->email)?>">
<input ng-non-bindable class="form-control" type="text" name="Email" value="<?php echo htmlspecialchars($faq->email)?>">
</div>

<div class="form-group">
<label><?php echo erTranslationClassLhTranslation::getInstance()->getTranslation('faq/new','Identifier, can be used to filter questions by identifier');?>:</label>
<input class="form-control" type="text" name="Identifier" value="<?php echo htmlspecialchars($faq->identifier)?>">
<input ng-non-bindable class="form-control" type="text" name="Identifier" value="<?php echo htmlspecialchars($faq->identifier)?>">
</div>

<div class="form-group">
Expand Down

0 comments on commit 5328d4a

Please sign in to comment.