Merge pull request #390 from moebrowne/security/user-stored-xss

Users Full Name Stored XSS Vulnerability

Merge pull request #390 from moebrowne/security/user-stored-xss
Users Full Name Stored XSS Vulnerability
a011627c · Nicolas Widart · GitHub · 663bac77 · 03ecd43a · a011627c
Commit a011627c authored Oct 02, 2017 by Nicolas Widart Committed by GitHub Oct 02, 2017
Hide whitespace changes
Inline Side-by-side

Showing with 2 additions and 2 deletions

top-nav.blade.php Themes/Adminlte/views/partials/top-nav.blade.php +2 -2

No files found.
--- a/Themes/Adminlte/views/partials/top-nav.blade.php
+++ b/Themes/Adminlte/views/partials/top-nav.blade.php
@@ -43,7 +43,7 @@
                    <i class="glyphicon glyphicon-user"></i>
                    <span>
                        <?php if ($user->present()->fullname() != ' '): ?>
-                            <?= $user->present()->fullName(); ?>
+                            {{ $user->present()->fullName() }}
                        <?php else: ?>
                            <em>{{trans('core::core.general.complete your profile')}}.</em>
                        <?php endif; ?>
@@ -56,7 +56,7 @@
                        <img src="{{ $user->present()->gravatar() }}" class="img-circle" alt="User Image" />
                        <p>
                            <?php if ($user->present()->fullname() != ' '): ?>
-                                <?= $user->present()->fullname(); ?>
+                                {{ $user->present()->fullname() }}
                            <?php else: ?>
                                <em>{{trans('core::core.general.complete your profile')}}.</em>
                            <?php endif; ?>