Commit e442bfa4 authored by chandi's avatar chandi Committed by Matthias Larisch

fix stored XSS in /?page=report&sub=listReports

parent 1bf45d86
......@@ -205,7 +205,7 @@ class ReportView extends View
$rows[] = [
['cnt' => '<input type="hidden" class="rid" name="rid" value="' . $r['id'] . '"><span class="photo"><a title="' . $r['fs_name'] . ' ' . $r['fs_nachname'] . '" href="/profile/' . (int)$r['fs_id'] . '"><img id="miniq-' . $r['fs_id'] . '" src="' . $this->func->img($r['fs_photo']) . '" /></a></span>'],
['cnt' => '<span class="photo"><a title="' . $r['rp_name'] . ' ' . $r['rp_nachname'] . '" href="/profile/' . (int)$r['rp_id'] . '"><img id="miniq-' . $r['rp_id'] . '" src="' . $this->func->img($r['rp_photo']) . '" /></a></span>'],
['cnt' => $this->func->tt($r['msg'], 50)],
['cnt' => htmlspecialchars($this->func->tt($r['msg'], 50))],
['cnt' => '<span style="display:none;">a' . $r['time_ts'] . ' </span>' . $this->func->niceDateShort($r['time_ts']) . ' Uhr'],
['cnt' => $r['fs_stadt']],
['cnt' => $r['b_name']],
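Review bot: Several other cells in these same rows are still emitted without escaping: `$r['fs_name']`, `$r['fs_nachname']`, `$r['rp_name']` and `$r['rp_nachname']` are concatenated into double-quoted `title` attributes, and `$r['fs_stadt']` and `$r['b_name']` are passed to `cnt` raw. If those values come from user-editable profile or store data (likely, but not visible in this hunk), they are the same stored-XSS class the commit fixes for `msg`. Each should be escaped at output with explicit flags, e.g. `['cnt' => htmlspecialchars($r['fs_stadt'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')],`, and likewise inside the `title="..."` concatenations. Passing the same flags to the new `htmlspecialchars()` call on `msg` would keep the behaviour independent of the PHP version's default. The array literal and its enclosing method continue outside the hunk.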
......