escape strings
authorChristian Weiske <christian.weiske@netresearch.de>
Thu, 13 Feb 2014 07:32:28 +0000 (08:32 +0100)
committerChristian Weiske <christian.weiske@netresearch.de>
Thu, 13 Feb 2014 07:32:28 +0000 (08:32 +0100)
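--- a/src/bdrem/Renderer/HtmlTable.php
+++ b/src/bdrem/Renderer/HtmlTable.php
@@ -43,8 +43,8 @@ HTM;
                 . "</tr>\n",
                 $event->days,
                 $event->age,
-                $event->title,
-                $event->type,
+                htmlspecialchars($event->title),
+                htmlspecialchars($event->type),
                 $event->date,
                 strftime('%a', strtotime($event->localDate))
             );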
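Review bot: The two new `htmlspecialchars()` calls rely on the default flags and charset. On PHP versions before 8.1 the defaults leave single quotes unescaped and return an empty string when the input contains an invalid byte sequence, so a title in the wrong encoding would silently vanish from the table. Passing the arguments explicitly makes the output independent of the runtime: `htmlspecialchars($event->title, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`, and the same for `$event->type`. `$event->date` is still passed through raw on the next line; if it comes from the same data source as the title it should get the same escaping. The `sprintf()` call and its format string begin outside the hunk, so whether any value lands inside an attribute cannot be confirmed from here.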