diff options
| author | Dries Buytaert <dries@buytaert.net> | 2009-12-28 11:53:49 +0000 |
|---|---|---|
| committer | Dries Buytaert <dries@buytaert.net> | 2009-12-28 11:53:49 +0000 |
| commit | 438909ba28b0f033c5ce26730d41f49d37abb23e (patch) | |
| tree | 7b4c4d1f1ee004120b786e6b83cb800ce133bd7c /modules/contact | |
| parent | 2c24fd4040cbc6210682d8d100051111f6dffbcd (diff) | |
| download | brdo-438909ba28b0f033c5ce26730d41f49d37abb23e.tar.gz brdo-438909ba28b0f033c5ce26730d41f49d37abb23e.tar.bz2 | |
- Patch #669060 by Damien Tournoud: fixed SA-CORE-2009-009: contact category name XSS.
Diffstat (limited to 'modules/contact')
| -rw-r--r-- | modules/contact/contact.admin.inc | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/modules/contact/contact.admin.inc b/modules/contact/contact.admin.inc index e4496462e..929d5ac12 100644 --- a/modules/contact/contact.admin.inc +++ b/modules/contact/contact.admin.inc @@ -24,8 +24,8 @@ function contact_category_list() { // Loop through the categories and add them to the table. foreach ($categories as $category) { $rows[] = array( - $category->category, - $category->recipients, + check_plain($category->category), + check_plain($category->recipients), ($category->selected ? t('Yes') : t('No')), l(t('Edit'), 'admin/structure/contact/edit/' . $category->cid), l(t('Delete'), 'admin/structure/contact/delete/' . $category->cid), |