bricoleurs / bricolage

Content management and publishing system
http://www.bricolagecms.org/

Untested XSS fix #41

Closed kjallad closed 11 years ago

kjallad commented 12 years ago

This is my totally untested attempt at a fix for the XSS described here:

http://packetstormsecurity.org/files/113840/bricolagecms-sqlxss.txt

If this val is ever supposed to have HTML in it, this will break it...

kjallad commented 11 years ago

Cancel this pull request, I got around to testing it and it does not work because the field contains a bunch of other HTML.