mirror of
https://github.com/sbrl/Pepperminty-Wiki.git
synced 2024-11-22 04:23:01 +00:00
page-renderer: use htmlentities on admindetails_name
This is NOT to fix a security issue - rather, it is to allow the admin's name to contain special characters. Note that the admin's name can only be changed either in peppermint.json or via the admin settings panel (which only admins can access). If you're worried about admins serving arbitrary HTML, then Pepperminty Wiki is not for you, because they could, for instance, serve a random static HTML file that they've uploaded to their web server.
parent
98485e7bd2
commit
39af83caf9
1 changed files with 4 additions and 1 deletions
|
@ -190,7 +190,10 @@ class page_renderer
|
|||
"{navigation-bar}" => self::render_navigation_bar($settings->nav_links, $settings->nav_links_extra, "top"),
|
||||
"{navigation-bar-bottom}" => self::render_navigation_bar($settings->nav_links_bottom, [], "bottom"),
|
||||
|
||||
"{admin-details}" => hide_email($settings->admindetails_email, $settings->admindetails_name),
|
||||
"{admin-details}" => hide_email(
|
||||
$settings->admindetails_email,
|
||||
htmlentities($settings->admindetails_name)
|
||||
),
|
||||
"{admin-details-name}" => $settings->admindetails_name,
|
||||
|
||||
"{admins-name-list}" => implode(", ", array_map(function($username) { return page_renderer::render_username($username); }, $settings->admins)),
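Review bot: The context line directly after the new call, `"{admin-details-name}" => $settings->admindetails_name,`, still substitutes the raw name, so a name containing `<`, `&` or a quote is encoded in `{admin-details}` but not in `{admin-details-name}`; the same encoding should be applied there, e.g. `"{admin-details-name}" => htmlspecialchars($settings->admindetails_name, ENT_QUOTES | ENT_SUBSTITUTE, "UTF-8"),`. The added `htmlentities()` call passes no flags, and before PHP 8.1 the default (`ENT_COMPAT`) leaves single quotes unencoded, which matters if `hide_email()` places the name inside a single-quoted attribute. The body of `hide_email()` is not visible here, so that, and whether it already encodes its second argument (which would double-encode), should be checked. Even though the name is admin-controlled, encoding it at every output site means a modified `peppermint.json` cannot turn the name into markup in rendered pages. The array literal in `page_renderer` that these entries belong to starts and ends outside the hunk.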
|
||||
|
|