Commit be128e81 authored by Thomas Citharel's avatar Thomas Citharel

Handle XSS issue on date poll slots

Signed-off-by: 's avatarThomas Citharel <tcit@tcit.fr>
parent a1a7d180
......@@ -77,6 +77,10 @@ function smarty_modifier_html($html) {
return Utils::htmlEscape($html);
}
function smarty_modifier_html_special_chars($html) {
return Utils::htmlMailEscape($html);
}
function smarty_modifier_datepicker_path($lang) {
$i = 0;
while (!is_file(path_for_datepicker_locale($lang)) && $i < 3) {
......
......@@ -70,7 +70,7 @@
<div class="col-sm-2">
<label for="d{$i}-h{$j}" class="sr-only control-label">{__('Generic', 'Time')} {$j+1}</label>
<input type="text" class="form-control hours" title="{$day_value} - {__('Generic', 'Time')} {$j+1}"
placeholder="{__('Generic', 'Time')} {$j+1}" id="d{$i}-h{$j}" name="horaires{$i}[]" value="{$slot}"/>
placeholder="{__('Generic', 'Time')} {$j+1}" id="d{$i}-h{$j}" name="horaires{$i}[]" value="{$slot|html_special_chars}"/>
</div>
{/foreach}
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment