Skip to content

Commit

Permalink
Add HTML escaping for good measure
Browse files Browse the repository at this point in the history
  • Loading branch information
campbell-m committed Sep 13, 2023
1 parent 27eb9b8 commit ff88980
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions web/admin.php
Original file line number Diff line number Diff line change
Expand Up @@ -473,7 +473,7 @@ function generate_new_room_form()
echo "<td><div>" . htmlspecialchars($r[$field['name']] ?? '') . "</div></td>\n";
break;
case 'capacity':
echo "<td class=\"int\"><div>" . $r[$field['name']] . "</div></td>\n";
echo "<td class=\"int\"><div>" . htmlspecialchars($r[$field['name']] ?? '') . "</div></td>\n";
break;
case 'invalid_types':
echo "<td><div>" . get_type_names($r[$field['name']]) . "</div></td>\n";
Expand All @@ -491,7 +491,7 @@ function generate_new_room_form()
elseif (($field['nature'] == 'integer') && isset($field['length']) && ($field['length'] > 2))
{
// integer values
echo "<td class=\"int\"><div>" . $r[$field['name']] . "</div></td>\n";
echo "<td class=\"int\"><div>" . htmlspecialchars($r[$field['name']] ?? '') . "</div></td>\n";
}
else
{
Expand Down

0 comments on commit ff88980

Please sign in to comment.