mirror of
https://github.com/pandorafms/pandorafms.git
synced 2025-07-29 08:45:12 +02:00
#11795 Prevent XSS attack in site news page
parent
319a4e1743
commit
cf7b123eb0
@ -259,6 +259,8 @@ if (!empty($news)) {
|
||||
|
||||
$output_news .= '</div></div>';
|
||||
} else {
|
||||
$text = str_replace('<script', '<script', $text);
|
||||
$text = str_replace('</script', '</script', $text);
|
||||
$output_news .= nl2br($text);
|
||||
}
|
||||
|
||||
|
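Review bot: The two `str_replace` calls in the `else` branch match only the exact lowercase strings `<script` and `</script`, so a differently cased tag, or markup that runs script without a script element at all, still reaches `nl2br($text)` unchanged. As rendered on this page the search and replacement strings are identical, presumably because an entity such as `&lt;` was decoded for display; it is worth confirming in the repository that the replacement really is the encoded form. If news text is meant to be plain text, encode it at output instead, `$output_news .= nl2br(htmlspecialchars($text, ENT_QUOTES, 'UTF-8'));`, and if HTML formatting is intended, pass it through an allow-list sanitizer rather than a deny-list of one tag. The enclosing `if (!empty($news))` block starts and ends outside the hunk, so where `$text` comes from and whether the other branch has the same exposure cannot be judged from here.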