Fix hard to exploit stored XSS possibility: code wrongly expected people to only be able to submit entries from <select>
This commit is contained in:
@@ -75,7 +75,7 @@ class LocationsController extends AdminController
|
||||
} else {
|
||||
$location->parent_id = e(Input::get('parent_id'));
|
||||
}
|
||||
$location->currency = Input::get('currency','$');
|
||||
$location->currency = e(Input::get('currency','$'));
|
||||
$location->address = e(Input::get('address'));
|
||||
$location->address2 = e(Input::get('address2'));
|
||||
$location->city = e(Input::get('city'));
|
||||
@@ -203,7 +203,7 @@ class LocationsController extends AdminController
|
||||
} else {
|
||||
$location->parent_id = e(Input::get('parent_id',''));
|
||||
}
|
||||
$location->currency = Input::get('currency','$');
|
||||
$location->currency = e(Input::get('currency','$'));
|
||||
$location->address = e(Input::get('address'));
|
||||
$location->address2 = e(Input::get('address2'));
|
||||
$location->city = e(Input::get('city'));
|
||||
|
||||
Reference in New Issue
Block a user