escape hotlinked image

2013-02-08 08:29:48 +01:00
parent b6fa7eb1ef
commit 63ba9b0431
2 changed files with 4 additions and 1 deletions
--- a/docs/NEWS
+++ b/docs/NEWS
@ -13,7 +13,8 @@ Version 1.7 ()
 ------------------------------------------------------------------------

    * Media database: Escape more Cookie values to prevent storing
-      possible XSS (http://board.s9y.org/viewtopic.php?f=3&t=19142)
+      possible XSS (http://board.s9y.org/viewtopic.php?f=3&t=19142).
+      Escape hotlinked media filename.
          
    * rc2: Alter entries.tpl to add the line:
      {assign var="entry" value=$entry scope="parent"}