authorGravatar mensonge2008-11-14 14:38:55 +0000
committerGravatar mensonge2008-11-14 14:38:55 +0000
commit8bc7ad4383452b2a3872aea3ef7c3eaef675af3b (patch)
treee53ab979893650a6b50074dbd09f69dd59743cc6 /templates/profile.tpl.php
parent67a13f74ce1b51732a9b3f759ca956bd762b0c0b (diff)
Bug fix: correct XSS problems (prevent username with non-alphanumeric characters, protect profile page)
git-svn-id: https://semanticscuttle.svn.sourceforge.net/svnroot/semanticscuttle/trunk@157 b3834d28-1941-0410-a4f8-b48e95affb8f
Diffstat (limited to 'templates/profile.tpl.php')
-rw-r--r--templates/profile.tpl.php4
1 files changed, 2 insertions, 2 deletions
diff --git a/templates/profile.tpl.php b/templates/profile.tpl.php
index d7ace7e..ecfadbb 100644
--- a/templates/profile.tpl.php
+++ b/templates/profile.tpl.php
@@ -10,13 +10,13 @@ $this->includeTemplate($GLOBALS['top_include']);
if ($row['name'] != "") {
?>
<dt><?php echo T_('Name'); ?></dt>
- <dd><?php echo $row['name']; ?></dd>
+ <dd><?php echo filter($row['name']); ?></dd>
<?php
}
if ($row['homepage'] != "") {
?>
<dt><?php echo T_('Homepage'); ?></dt>
- <dd><a href="<?php echo $row['homepage']; ?>"><?php echo $row['homepage']; ?></a></dd>
+ <dd><a href="<?php echo filter($row['homepage'], 'url'); ?>"><?php echo filter($row['homepage']); ?></a></dd>
<?php
}
?>
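Review bot: On the homepage line the `href` value is a URL context, and nothing visible here restricts the stored homepage to an http/https scheme; `filter()` is defined outside this hunk, so it needs confirming whether its `'url'` mode validates the scheme, only escapes, or percent-encodes the whole string (which would turn an absolute link into a relative one). I would gate the anchor on an allow-list check such as `if (preg_match('#^https?://#i', $row['homepage'])) { ... }` and print the escaped value as plain text otherwise, ideally with the same check applied when the profile is saved. A short comment above the two `filter()` calls, such as `// href: URL context; link text: HTML context`, would help the next template author keep the two contexts apart. The template continues before and after this hunk.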