Escape variables in landingpage module

Jamie Snape · Jamie Snape · commit 91480498540d · 2014-12-08T09:20:01.000-05:00
diff --git a/modules/landingpage/controllers/IndexCoreController.php b/modules/landingpage/controllers/IndexCoreController.php
@@ -37,7 +37,7 @@ public function indexAction()
         $textDaos = $this->Landingpage_Text->getAll();
         if (isset($textDaos[0])) {
             $textDao = $textDaos[0];
-            $this->view->landingText = UtilityComponent::markdown($textDao->getText());
+            $this->view->landingText = UtilityComponent::markdown(htmlspecialchars($textDao->getText(), ENT_QUOTES, 'UTF-8'));
         } else {
             $this->callCoreAction();
         }

Original file line number	Diff line number	Diff line change
`@@ -37,7 +37,7 @@ public function indexAction()`
`37`	`37`	`$textDaos = $this->Landingpage_Text->getAll();`
`38`	`38`	`if (isset($textDaos[0])) {`
`39`	`39`	`$textDao = $textDaos[0];`
`40`		`- $this->view->landingText = UtilityComponent::markdown($textDao->getText());`
	`40`	`+ $this->view->landingText = UtilityComponent::markdown(htmlspecialchars($textDao->getText(), ENT_QUOTES, 'UTF-8'));`
`41`	`41`	`} else {`
`42`	`42`	`$this->callCoreAction();`
`43`	`43`	`}`