Escape missing variables

refs #8903
2015-05-04 16:01:14 +02:00 · 2015-05-04 16:01:14 +02:00 · 5477a2f18e
parent e6740c5093
commit 5477a2f18e
2 changed files with 2 additions and 2 deletions
--- a/modules/monitoring/application/views/scripts/list/comments.phtml
+++ b/modules/monitoring/application/views/scripts/list/comments.phtml
@ -64,7 +64,7 @@ if (count($comments) === 0) {
        <?php endif ?>
          <br>
          <?= $this->icon('comment', $this->translate('Comment')); ?> <?= isset($comment->author)
-            ? '[' . $comment->author . '] '
+            ? '[' . $this->escape($comment->author) . '] '
            : '';
          ?><?= $this->escape($comment->comment); ?>
          <br>
--- a/modules/monitoring/application/views/scripts/partials/comment/comment-detail.phtml
+++ b/modules/monitoring/application/views/scripts/partials/comment/comment-detail.phtml
@ -13,6 +13,6 @@

 <br>
 <?= $this->icon('comment', $this->translate('Comment')); ?> <?= isset($comment->author)
-  ? '[' . $comment->author . '] '
+  ? '[' . $this->escape($comment->author) . '] '
  : '';
 ?><?= $this->escape($comment->comment); ?>