Commit aee824bd authored by Robert Lyon's avatar Robert Lyon Committed by Cecilia Vela Gurovic
Browse files

Security bug 1819547: Need to escape collection title on matrix page

To avoid potential XSS vector


Change-Id: I00eb57f1421a0969f8da93ace6210f84c0830fa7
Signed-off-by: Robert Lyon's avatarRobert Lyon <>
(cherry picked from commit 51726c19)
(cherry picked from commit 270e2f73)
parent ac4f9f72
......@@ -37,7 +37,6 @@ if (!$collection->has_framework()) {
// The collection does have a framework associated but we are not allowed
// to see the matrix page so show an error page with link to first page of collection.
$smarty = smarty();
$smarty->assign('maintitle', $collection->get('name'));
$smarty->assign('owner', $collection->get('owner'));
$smarty->assign('PAGEHEADING', null);
$smarty->assign('name', get_string('frameworkmissing', 'module.framework'));
......@@ -198,7 +197,7 @@ $inlinejs = <<<EOF
$smarty->assign('INLINEJAVASCRIPT', $inlinejs);
$smarty->assign('maintitle', $collection->get('name'));
$smarty->assign('maintitle', hsc($collection->get('name')));
$smarty->assign('collectionid', $collection->get('id'));
$smarty->assign('owner', $owner);
$smarty->assign('PAGEHEADING', null);
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment