From 8ae8970dc6dee0ec86afa512e009a4e6535129a9 Mon Sep 17 00:00:00 2001 From: Andrey Kutejko Date: Wed, 15 Jul 2015 14:14:34 +0300 Subject: [PATCH] escape role names in auth/admin --- ipf/auth/admin.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ipf/auth/admin.php b/ipf/auth/admin.php index e7fe4e2..b4679e5 100644 --- a/ipf/auth/admin.php +++ b/ipf/auth/admin.php @@ -163,7 +163,7 @@ class AdminUser extends \IPF_Admin_Component public function column_groups($obj) { - return implode(' / ', \PFF\Arr::pluck($obj->roles(), 'name')); + return Text::escape(implode(' / ', \PFF\Arr::pluck($obj->roles(), 'name'))); } function _searchFields() @@ -294,7 +294,7 @@ class AdminRole extends \IPF_Admin_Component public function renderCell($object, $column) { - return $object->$column; + return Text::escape($object->$column); } function _searchFields() -- 2.49.0