
Escape category images to avoid backend XSS

Hanno
2019-09-17 19:40:34 +02:00
committed by onli
parent 464c1319ad
commit fa8e77c130
9 changed files with 9 additions and 9 deletions


@@ -10,7 +10,7 @@
</header>
<div class="post_content">
{if $entry.categories}{foreach from=$entry.categories item="entry_category"}{if $entry_category.category_icon}<a href="{$entry_category.category_link}"><img class="serendipity_entryIcon" title="{$entry_category.category_name|escape}{$entry_category.category_description|emptyPrefix}" alt="{$entry_category.category_name|escape}" src="{$entry_category.category_icon}"></a>{/if}{/foreach}{/if}
{if $entry.categories}{foreach from=$entry.categories item="entry_category"}{if $entry_category.category_icon}<a href="{$entry_category.category_link}"><img class="serendipity_entryIcon" title="{$entry_category.category_name|escape}{$entry_category.category_description|emptyPrefix}" alt="{$entry_category.category_name|escape}" src="{$entry_category.category_icon|escape}"></a>{/if}{/foreach}{/if}
{$entry.body}
{if $entry.has_extended and not $is_single_entry and not $entry.is_extended}
<a class="button read_more" href="{$entry.link}#extended">{$CONST.VIEW_EXTENDED_ENTRY|sprintf:$entry.title}</a>