Fixed XSS in post edit page and modsearch
parent
e672d490cd
commit
4f85b7c570
|
@ -7,7 +7,7 @@
|
||||||
{% trans %}Name{% endtrans %}
|
{% trans %}Name{% endtrans %}
|
||||||
</th>
|
</th>
|
||||||
<td>
|
<td>
|
||||||
<input type="text" name="name" size="25" maxlength="35" autocomplete="off" value="{{ post.name }}">
|
<input type="text" name="name" size="25" maxlength="35" autocomplete="off" value="{{ post.name|e }}">
|
||||||
</td>
|
</td>
|
||||||
</tr>
|
</tr>
|
||||||
<tr>
|
<tr>
|
||||||
|
@ -23,7 +23,7 @@
|
||||||
{% trans %}Subject{% endtrans %}
|
{% trans %}Subject{% endtrans %}
|
||||||
</th>
|
</th>
|
||||||
<td>
|
<td>
|
||||||
<input style="float:left;" type="text" name="subject" size="25" maxlength="100" autocomplete="off" value="{{ post.subject }}">
|
<input style="float:left;" type="text" name="subject" size="25" maxlength="100" autocomplete="off" value="{{ post.subject|e }}">
|
||||||
<input accesskey="s" style="margin-left:2px;" type="submit" name="post" value="{% trans %}Update{% endtrans %}">
|
<input accesskey="s" style="margin-left:2px;" type="submit" name="post" value="{% trans %}Update{% endtrans %}">
|
||||||
</td>
|
</td>
|
||||||
</tr>
|
</tr>
|
||||||
|
|
|
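Review bot: Escaping is added one variable at a time here, to `post.name` and `post.subject` in the two `value="…"` attributes, so any other `{{ post.* }}` output in this form outside the hunks would still be emitted raw. The need for an explicit `|e` suggests autoescaping is off for this template; wrapping the form in an autoescape block would cover fields added later without relying on each author remembering the filter. If these fields are stored already HTML-encoded (not visible here), check that the edit form does not now display and re-save entities such as `&amp;`. The rest of the form lies outside the hunks.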
@ -224,7 +224,7 @@
|
||||||
<a class="email" href="mailto:{{ post.email }}">
|
<a class="email" href="mailto:{{ post.email }}">
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% set capcode = post.capcode|capcode %}
|
{% set capcode = post.capcode|capcode %}
|
||||||
<span {% if capcode.name %}style="{{ capcode.name }}" {% endif %}class="name">{{ post.name }}</span>
|
<span {% if capcode.name %}style="{{ capcode.name }}" {% endif %}class="name">{{ post.name|e }}</span>
|
||||||
{% if post.trip|length > 0 %}
|
{% if post.trip|length > 0 %}
|
||||||
<span {% if capcode.trip %}style="{{ capcode.trip }}" {% endif %}class="trip">{{ post.trip }}</span>
|
<span {% if capcode.trip %}style="{{ capcode.trip }}" {% endif %}class="trip">{{ post.trip }}</span>
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
@ -239,7 +239,7 @@
|
||||||
</td>
|
</td>
|
||||||
<td style="max-width:250px">
|
<td style="max-width:250px">
|
||||||
{% if post.subject %}
|
{% if post.subject %}
|
||||||
<small>{{ post.subject }}</small>
|
<small>{{ post.subject|e }}</small>
|
||||||
{% else %}
|
{% else %}
|
||||||
–
|
–
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
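Review bot: In the hunk at line 224 only `post.name` gains `|e`; `post.email` inside `href="mailto:{{ post.email }}"` and `{{ post.trip }}` are unchanged on the new side, although they are post-derived values rendered in the same row. Unless they are sanitised before reaching the template, which the hunk does not show, they need the same treatment: `href="mailto:{{ post.email|e }}"` and `class="trip">{{ post.trip|e }}</span>`. The `style="{{ capcode.name }}"` and `style="{{ capcode.trip }}"` values come from the `capcode` filter and should be confirmed to be configuration-only. The surrounding table markup starts and ends outside the hunks.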