[CVE-2020-9311] Escape First Name when displaying re-login screen
Maxime Rainville committed Jul 14, 2020
1 parent 8f9bb9d commit d3b23e7
Showing 2 changed files with 2 additions and 2 deletions.
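--- a/security/CMSSecurity.php
+++ b/security/CMSSecurity.php
@@ -86,7 +86,7 @@ public function getTitle() {
 'CMSSecurity.TimedOutTitleMember',
 'Hey {name}!<br />Your session has timed out.',
 'Title for CMS popup login form for a known user',
-array('name' => $member->FirstName)
+array('name' => Convert::raw2xml($member->FirstName))
 );
 } else {
 return _t(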
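Review bot: The changed `array('name' => ...)` line has no comment explaining why the value is escaped, and nothing in this section adds a regression test to pin the fix. The default string contains `<br />`, so the title is presumably emitted as HTML and each injected value has to be escaped at the call site; a one-line comment such as `// _t() result is rendered as HTML: escape member-controlled values before injection` would stop a later refactor from dropping the call. A test that sets FirstName to a value containing markup characters and asserts the escaped form in the getTitle() result would guard the behaviour. getTitle() starts before the hunk and continues past it, so the else branch cannot be reviewed from here.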
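--- a/security/MemberLoginForm.php
+++ b/security/MemberLoginForm.php
@@ -139,7 +139,7 @@ protected function getMessageFromSession() {
 $this->message = _t(
 'Member.LOGGEDINAS',
 "You're logged in as {name}.",
-array('name' => $member->{$this->loggedInAsField})
+array('name' => Convert::raw2xml($member->{$this->loggedInAsField}))
 );
 }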
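Review bot: The escaped value is assigned straight to `$this->message`, and the hunk does not show whether that property is later output as raw HTML or escaped again. If the rendering path escapes it a second time, names containing `&` or quotes will display as entities; if it does not, any other assignment to `$this->message` in getMessageFromSession() needs the same escaping. Both are worth confirming, since the method body lies partly outside the hunk. A comment on the changed line, e.g. `// message is output as HTML: escape the member-controlled field`, would record the contract the fix relies on.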
