Updated view.php
I put htmlspecialchars() into the var_check to avoid the XSS injection.
sanatem committed Dec 5, 2014
1 parent f9e5169 commit 67bec33
Showing 1 changed file with 3 additions and 2 deletions.
5 changes: 3 additions & 2 deletions libs/View.php
Expand Up @@ -43,7 +43,8 @@ public function render($template, $noInclude = false) {
* @return string
*/
public function var_check(&$var) {
return isset($var) ? $var : '';
return isset($var) ? htmlspecialchars($var,ENT_QUOTES,'UTF-8') : '';
//I put htmlspecialchars into the var_check to avoid the XSS injection.
}

}
}
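Review bot: the new `htmlspecialchars($var,ENT_QUOTES,'UTF-8')` call escapes every value that goes through `var_check()` regardless of where the template places it, so it is a sound default for HTML element and attribute content (`ENT_QUOTES` is the right flag there) but does not cover values interpolated into JavaScript, URL or CSS contexts, and it will double-escape any variable that is meant to carry pre-rendered markup; the docblock above (`@return string`) should state that the helper now returns an HTML-escaped string so template authors know which contexts it protects. A type guard is also missing: `htmlspecialchars()` on an array emits a warning and returns null on older PHP and throws a TypeError on PHP 8, so cast or reject non-scalar values before escaping, e.g. `return isset($var) ? htmlspecialchars((string) $var, ENT_QUOTES, 'UTF-8') : '';`. The trailing `//I put htmlspecialchars into the var_check ...` line repeats the commit message and belongs in the docblock instead, and spaces after the commas in the argument list would match the style of the surrounding `render($template, $noInclude = false)` signature.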
