close a possible XSS hole
authorjoey <joey@0fa5a96a-9a0e-0410-b3b2-a0fd24251071>
Mon, 4 Sep 2006 04:31:41 +0000 (04:31 +0000)
committerjoey <joey@0fa5a96a-9a0e-0410-b3b2-a0fd24251071>
Mon, 4 Sep 2006 04:31:41 +0000 (04:31 +0000)
templates/recentchanges.tmpl

index 726e52f6492051e6c7092fa8942c25982c2fd540..f927cf62f4eb9549442f161dd75e4941e0d75764 100644 (file)
@@ -30,7 +30,7 @@
 <TMPL_LOOP NAME="CHANGELOG">
        <!-- <TMPL_VAR NAME="REV"> -->
        <tr class="changeinfo">
 <TMPL_LOOP NAME="CHANGELOG">
        <!-- <TMPL_VAR NAME="REV"> -->
        <tr class="changeinfo">
-               <td class="changeinfo"><TMPL_VAR NAME="USER"></td>
+               <td class="changeinfo"><TMPL_VAR NAME="USER" ESCAPE="HTML"></td>
                <td class="changetime"><TMPL_VAR NAME="WHEN"></td>
                <td class="changeinfo">
                <TMPL_LOOP NAME="PAGES">
                <td class="changetime"><TMPL_VAR NAME="WHEN"></td>
                <td class="changeinfo">
                <TMPL_LOOP NAME="PAGES">