php/yii2
1
0
Fork 0
mirror of https://github.com/yiisoft/yii2.git synced 2025-11-26 20:00:06 +08:00
Code Issues Packages Projects Releases Wiki Activity

encode email in Formatter

Browse Source 
avoid XSS with emails in format  "Carsten Brandt <mail@cebe.cc>"
This commit is contained in:
Carsten Brandt
2013-11-21 14:44:40 +01:00
parent 248e0cb916
commit f3ab5d999b
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
framework/yii/base/Formatter.php
View File

@@ -190,7 +190,7 @@ class Formatter extends Component
if ($value === null) { if ($value === null) {
return $this->nullDisplay; return $this->nullDisplay;
} }
return Html::mailto($value); return Html::mailto(Html::encode($value), $value);
} }
/** /**