run passed parameter 'action' through htmlspecialchars() before output

Uwe Steinmann 2018-06-27 18:56:01 +02:00
parent 92c0c4c611
commit 3eebc6bc28


@ -47,7 +47,7 @@ class SeedDMS_View_Common {
if(method_exists($this, $get['action'])) { if(method_exists($this, $get['action'])) {
$this->{$get['action']}(); $this->{$get['action']}();
} else { } else {
echo "Missing action '".$get['action']."'"; echo "Missing action '".htmlspecialchars($get['action'])."'";
} }
} else } else
$this->show(); $this->show();
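Review bot: The dispatch at the top of this hunk still calls whatever method name arrives in `$get['action']`, and `method_exists()` is true for every method of the view class and its parents, not only those meant to be reachable as actions; because the call is made from inside the class, protected methods are reachable too. Consider checking the name against an explicit list of permitted actions before the call, and rejecting non-string values first with `is_string($get['action'])`, since an array-valued parameter would otherwise reach both `method_exists()` and `htmlspecialchars()`. For the escaped message, passing flags and charset explicitly, `htmlspecialchars($get['action'], ENT_QUOTES, 'UTF-8')`, keeps the result independent of the PHP version's defaults. Where `$get` is populated is not visible here, and the enclosing method starts and ends outside the hunk.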