Fix hard to exploit stored XSS possibility: code wrongly expected people to only be able to submit entries from <select>

This commit is contained in:
Mathieu Kooiman
2016-03-13 14:25:46 +01:00
parent 796866fd54
commit 6020de6321
@@ -75,7 +75,7 @@ class LocationsController extends AdminController
} else {
$location->parent_id = e(Input::get('parent_id'));
}
$location->currency = Input::get('currency','$');
$location->currency = e(Input::get('currency','$'));
$location->address = e(Input::get('address'));
$location->address2 = e(Input::get('address2'));
$location->city = e(Input::get('city'));
@@ -203,7 +203,7 @@ class LocationsController extends AdminController
} else {
$location->parent_id = e(Input::get('parent_id',''));
}
$location->currency = Input::get('currency','$');
$location->currency = e(Input::get('currency','$'));
$location->address = e(Input::get('address'));
$location->address2 = e(Input::get('address2'));
$location->city = e(Input::get('city'));