Commit 270e2f73 authored by Robert Lyon's avatar Robert Lyon Committed by Cecilia Vela Gurovic

Security bug 1819547: Need to escape collection title on matrix page

To avoid potential XSS vector

behatnotneeded

Change-Id: I00eb57f1421a0969f8da93ace6210f84c0830fa7
Signed-off-by: Robert Lyon's avatarRobert Lyon <robertl@catalyst.net.nz>
(cherry picked from commit 51726c19)
parent d2bfca1c
......@@ -37,7 +37,6 @@ if (!$collection->has_framework()) {
// The collection does have a framework associated but we are not allowed
// to see the matrix page so show an error page with link to first page of collection.
$smarty = smarty();
$smarty->assign('maintitle', $collection->get('name'));
$smarty->assign('owner', $collection->get('owner'));
$smarty->assign('PAGEHEADING', null);
$smarty->assign('name', get_string('frameworkmissing', 'module.framework'));
......@@ -199,7 +198,7 @@ $inlinejs = <<<EOF
EOF;
$smarty->assign('INLINEJAVASCRIPT', $inlinejs);
$smarty->assign('maintitle', $collection->get('name'));
$smarty->assign('maintitle', hsc($collection->get('name')));
$smarty->assign('collectionid', $collection->get('id'));
$smarty->assign('owner', $owner);
$smarty->assign('PAGEHEADING', null);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment