schedule: fix XSS, reported by Hetti

Vasil Kolev 2022-10-16 15:23:01 +03:00 committed by Ivaylo Markov
parent dadf30c8ae
commit 4fa533919d
1 changed files with 3 additions and 3 deletions


@ -284,8 +284,8 @@ function parseData($config, $data) {
// We don't want '()' when we don't have a speaker name // We don't want '()' when we don't have a speaker name
$fulltalk_spkr = strlen($speakers) > 0 ? (' (' . $speakers . ')') : ''; $fulltalk_spkr = strlen($speakers) > 0 ? (' (' . $speakers . ')') : '';
$fulltalks .= '<p><strong>' . $event['title'] . ' ' . $fulltalk_spkr . '</strong></p>'; $fulltalks .= '<p><strong>' . htmlentities($event['title']) . ' ' . $fulltalk_spkr . '</strong></p>';
$fulltalks .= '<p>' . $event['abstract'] . '</p>'; $fulltalks .= '<p>' . htmlentities($event['abstract']) . '</p>';
$fulltalks .= $fullfb; $fulltalks .= $fullfb;
$fulltalks .= '<div class="separator"></div></section>'; $fulltalks .= '<div class="separator"></div></section>';
$known_events[$eid] = $eid; $known_events[$eid] = $eid;
@ -396,7 +396,7 @@ function parseData($config, $data) {
} }
$fspk .= '</div>'; $fspk .= '</div>';
$fspk .= '<p>' . $speaker['biography'] . '</p>'; $fspk .= '<p>' . htmlentities($speaker['biography']) . '</p>';
$fspk .= '</div><div class="separator"></div>'; $fspk .= '</div><div class="separator"></div>';
} }
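Review bot: `$speakers` is still concatenated raw into `$fulltalk_spkr` in the first hunk and ends up inside the same `<strong>` element as the now-escaped title, so speaker names remain unencoded on output unless they are escaped where `$speakers` is built earlier in parseData, which lies outside both hunks. If the value is plain text at that point, encode it in the same place: `$fulltalk_spkr = strlen($speakers) > 0 ? (' (' . htmlentities($speakers) . ')') : '';`. `$fullfb` is likewise appended as-is in the visible lines and is worth confirming as trusted, code-generated markup. The three new calls rely on default flags; on PHP before 8.1 `htmlentities()` returns an empty string for input containing invalid byte sequences, so passing `ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'` explicitly keeps the output consistent across versions.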