projects / WP-Plugins / glm-member-db.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: b152ab7)
The text search was vulnerable to double quote marks in members names.
authorChuck Scott <cscott@gaslightmedia.com>
Mon, 15 Aug 2016 14:45:46 +0000 (10:45 -0400)
committerChuck Scott <cscott@gaslightmedia.com>
Mon, 15 Aug 2016 14:45:46 +0000 (10:45 -0400)
Now filtering those out.

views/admin/members/list.html patch | blob | history

diff --git a/views/admin/members/list.html b/views/admin/members/list.html
index b792214..c357c9f 100644 (file)
--- a/views/admin/members/list.html
+++ b/views/admin/members/list.html
@@ -203,7 +203,7 @@
 
              var availableTags = [
     {foreach $namesList as $m}
-                { label: "{$m.name|unescape:'html'}", value: "{$m.name|unescape:'html'}", id: '{$m.id}' },
+                { label: "{$m.name|unescape:'html'|replace:'"':''}", value: "{$m.name|unescape:'html'|replace:'"':''}", id: '{$m.id}' },
     {/foreach}
              ];