Hardened against potential XSS injection in table columns

Jan Böhmer 2026-06-14 12:08:25 +02:00
parent c9dd27712c
commit 11b41ee66a
2 changed files with 4 additions and 4 deletions


@ -78,7 +78,7 @@ class EntityColumn extends AbstractColumn
); );
} }
return sprintf('<i>%s</i>', $value); return sprintf('<i>%s</i>', htmlspecialchars($value));
} }
return ''; return '';
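Review bot: The new `htmlspecialchars($value)` call relies on `$value` already being a string and on the runtime's default flags, and neither is established by the lines shown. The other file in this commit guards its nullable arguments with `?? ''`; if `$value` can be null or a non-string scalar here, PHP 8.1+ reports a deprecation or type error, so `htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` would be the more robust form. The method starts above the hunk and the `sprintf(...)` that closes just before this line is not visible, so it is worth confirming that this earlier return path escapes its interpolated values too.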


@ -87,9 +87,9 @@ class IconLinkColumn extends AbstractColumn
return sprintf( return sprintf(
'<a class="btn btn-primary btn-sm %s" href="%s" title="%s"><i class="%s"></i></a>', '<a class="btn btn-primary btn-sm %s" href="%s" title="%s"><i class="%s"></i></a>',
$disabled ? 'disabled' : '', $disabled ? 'disabled' : '',
$href, htmlspecialchars($href),
$title, htmlspecialchars($title ?? ''),
$icon htmlspecialchars($icon ?? '')
); );
} }
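Review bot: Escaping `$href` with `htmlspecialchars()` keeps the value inside the `href="…"` attribute, but it does not reject a `javascript:` or `data:` URL, which would still be rendered as a clickable link. If `$href` can ever derive from user-controlled data (not visible in this hunk), validate the scheme before the `sprintf`, for example accepting only relative paths and `http`/`https`, and render no link otherwise. `$href` is also the only argument without the `?? ''` guard given to `$title` and `$icon`; if it is nullable, use `htmlspecialchars($href ?? '')`. The enclosing method begins above the hunk.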