Encode $acomment
AdrienClairembault committed Sep 17, 2024
1 parent 754cc04 commit 4997bef
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion src/DbUtils.php
Expand Up @@ -1501,7 +1501,7 @@ public function getTreeValueCompleteName($table, $ID, $withcomment = false, $tra
$acomment .= $country;
}
if (trim($acomment != '')) {
$comment .= "<span class='b'>&nbsp;" . __s('Address:') . "</span> " . $acomment . "<br/>";
$comment .= "<span class='b'>&nbsp;" . __s('Address:') . "</span> " . htmlspecialchars($acomment) . "<br/>";

cedric-anne Sep 17, 2024

Member

On line 1492, a <br /> is added to $acomment. With this, it will be escaped too.

}
}
$comment .= "<span class='b'>&nbsp;" . __s('Comments') . "&nbsp;</span>";
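
Review bot: On the changed `Address:` line, calling `htmlspecialchars()` on the fully assembled `$acomment` escapes everything the string holds by that point, including any markup the function added on purpose; the inline comment on this line points to a `<br />` appended on line 1492, which would then render as literal text. Escaping each field as it is appended (for example `$acomment .= htmlspecialchars($country);`) and leaving the structural `<br />` unescaped would keep the encoding without changing the layout. Separately, in the unchanged context line `if (trim($acomment != ''))` the closing parenthesis looks misplaced: `trim()` receives the boolean result of the comparison rather than the string, so a whitespace-only address still passes the check; `if (trim($acomment) != '')` is probably what was intended.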
