From b670855f252590246c92ce511a4a384e6b51df9a Mon Sep 17 00:00:00 2001
From: "Alexander A. Klimov"
Date: Tue, 23 Feb 2016 14:00:07 +0100
Subject: [PATCH] Dashboard settings: escape panes' names to prevent XSS
---
 application/views/scripts/dashboard/settings.phtml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/application/views/scripts/dashboard/settings.phtml b/application/views/scripts/dashboard/settings.phtml
index 3376da835..2d22aaf8e 100644
--- a/application/views/scripts/dashboard/settings.phtml
+++ b/application/views/scripts/dashboard/settings.phtml
@@ -20,7 +20,7 @@
 dashboard->getPanes() as $pane): ?>
- getName(); ?>
+ escape($pane->getName()) ?>
 qlink(
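Review bot: Only the pane heading on the `+` line is escaped. The `qlink(` call that opens on the hunk's last line is in the same loop over `getPanes()`, and its arguments lie outside the hunk. It should be confirmed, not assumed, that any pane or dashlet name passed to it is encoded for its output context (link text, attribute or URL parameter). Pane names are presumably user-defined, given that the commit describes this as an XSS fix, so the same check applies to any other view that prints `$pane->getName()` or dashlet titles, which this one-line change does not touch. I would also add a regression test that renders this view with a pane name containing `<`, `"` and `&` and asserts that the output holds the HTML-encoded form.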