From 710062aaa76eadb8ca5ef9c0dc04ae003fe9f1fd Mon Sep 17 00:00:00 2001
From: Martin Kravec <kravec.martin@gmail.com>
Date: Wed, 17 Feb 2016 09:11:26 +0100
Subject: [PATCH] XSS vulnerability fixed in presentation layer

Possible vulnerability in /Search/Results?saved=999999999999</p><img src="http://tinyurl.com/n9cs3q4"/>
Reproducible in Firefox, not Opera.
---
 themes/bootstrap3/templates/error/index.phtml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/themes/bootstrap3/templates/error/index.phtml b/themes/bootstrap3/templates/error/index.phtml
index a7f10d51c12..19a86243a3f 100644
--- a/themes/bootstrap3/templates/error/index.phtml
+++ b/themes/bootstrap3/templates/error/index.phtml
@@ -25,7 +25,7 @@
 <? if (isset($this->display_exceptions) && $this->display_exceptions): ?>
   <h2><?=$this->transEsc('Exception')?>:</h2>
   <p>
-    <b><?=$this->transEsc('Message')?>:</b> <?=$this->exception->getMessage()?>
+    <b><?=$this->transEsc('Message')?>:</b> <?=$this->escapeHtml($this->exception->getMessage())?>
   </p>
 
   <h2><?=$this->transEsc('Backtrace')?>:</h2>
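Review bot: The escaping is applied only to the `Message` line, while the `Backtrace` block that opens on the last line of this hunk continues outside it and may print text derived from the same exception. If that block outputs the trace or the messages of previous exceptions, each value should go through the same helper, for example `<?=$this->escapeHtml($this->exception->getTraceAsString())?>`. The diffstat shows only the bootstrap3 theme changed, so any other theme that ships its own error template presumably needs the same one-line fix. A short template comment above the message line, such as `<? /* exception text can carry request input; always escape */ ?>`, would keep later edits from dropping the call.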
-- 
GitLab