Fix XSS in path names of inline comment list.

2011-04-11 20:24:33 -07:00
parent 85cc13b607
commit 1bba2c9913
1 changed files with 1 additions and 1 deletions
--- a/src/applications/differential/view/revisioncomment/DifferentialRevisionCommentView.php
+++ b/src/applications/differential/view/revisioncomment/DifferentialRevisionCommentView.php
@@ -119,7 +119,7 @@ final class DifferentialRevisionCommentView extends AphrontView {
        $inline_render[] =
          '<tr>'.
            '<th colspan="2">'.
-              $changeset->getFileName().
+              phutil_escape_html($changeset->getFileName()).
            '</th>'.
          '</tr>';
        foreach ($inlines as $inline) {