Commit 2248fb0c authored by Nigel McNie's avatar Nigel McNie
Browse files

Defense in depth - run some vars through |escape, although we know that...

Defense in depth - run some vars through |escape, although we know that currently they're safe vars.
parent a56fa97d
...@@ -11,12 +11,12 @@ ...@@ -11,12 +11,12 @@
{foreach from=$attachments item=item} {foreach from=$attachments item=item}
<tr class="r{cycle values=1,0}"> <tr class="r{cycle values=1,0}">
<td style="width: 22px;"><img src="{$item->iconpath|escape}" alt=""></td> <td style="width: 22px;"><img src="{$item->iconpath|escape}" alt=""></td>
<td><a href="{$item->viewpath|escape}">{$item->title|escape}</a> ({$item->size}) - <strong><a href="{$item->downloadpath|escape}">{str tag=Download section=artefact.file}</a></strong> <td><a href="{$item->viewpath|escape}">{$item->title|escape}</a> ({$item->size|escape}) - <strong><a href="{$item->downloadpath|escape}">{str tag=Download section=artefact.file}</a></strong>
<br><strong>{$item->description|escape}</strong></td> <br><strong>{$item->description|escape}</strong></td>
</tr> </tr>
{/foreach} {/foreach}
</tbody> </tbody>
</table> </table>
{/if} {/if}
<div class="postdetails">{$postedbyon}</div> <div class="postdetails">{$postedbyon|escape}</div>
</div> </div>
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment