Prevent potential XSS in toHtml()

jasongrimes · Jul 11, 2018 · 3411e3c · 3411e3c
1 parent 824731a
commit 3411e3c
Showing 1 changed file with 5 additions and 5 deletions.
diff --git a/src/JasonGrimes/Paginator.php b/src/JasonGrimes/Paginator.php
@@ -281,19 +281,19 @@ public function toHtml()
 
         $html = '<ul class="pagination">';
         if ($this->getPrevUrl()) {
-            $html .= '<li><a href="' . $this->getPrevUrl() . '">&laquo; '. $this->previousText .'</a></li>';
+            $html .= '<li><a href="' . htmlspecialchars($this->getPrevUrl()) . '">&laquo; '. $this->previousText .'</a></li>';
         }
 
         foreach ($this->getPages() as $page) {
             if ($page['url']) {
-                $html .= '<li' . ($page['isCurrent'] ? ' class="active"' : '') . '><a href="' . $page['url'] . '">' . $page['num'] . '</a></li>';
+                $html .= '<li' . ($page['isCurrent'] ? ' class="active"' : '') . '><a href="' . htmlspecialchars($page['url']) . '">' . htmlspecialchars($page['num']) . '</a></li>';
             } else {
-                $html .= '<li class="disabled"><span>' . $page['num'] . '</span></li>';
+                $html .= '<li class="disabled"><span>' . htmlspecialchars($page['num']) . '</span></li>';
             }
         }
 
         if ($this->getNextUrl()) {
-            $html .= '<li><a href="' . $this->getNextUrl() . '">'. $this->nextText .' &raquo;</a></li>';
+            $html .= '<li><a href="' . htmlspecialchars($this->getNextUrl()) . '">'. $this->nextText .' &raquo;</a></li>';
         }
         $html .= '</ul>';
 
@@ -342,4 +342,4 @@ public function setNextText($text)
         $this->nextText = $text;
         return $this;
     }
-}
+}