Merge pull request from GHSA-fw5q-j9p4-3vxg

baserproject · web-flow · commit d14f506385f2 · 2020-10-29T11:40:47.000+09:00
ブログコメントの名前表示を改善
diff --git a/lib/Baser/Config/theme/bc_sample/Elements/blog_comment.php b/lib/Baser/Config/theme/bc_sample/Elements/blog_comment.php
@@ -25,9 +25,9 @@
 <div class="bs-blog-comment__list-item" id="Comment<?php echo $dbData['no'] ?>">
 	<div class="bs-blog-comment__list-item-name">
 		<?php if ($dbData['url']): ?>
-			<?php $this->BcBaser->link($dbData['name'], $dbData['url'], ['target' => '_blank']) ?>
+			<?php $this->BcBaser->link($dbData['name'], $dbData['url'], ['target' => '_blank', 'escape' => true]) ?>
 		<?php else: ?>
-			<?php echo $dbData['name'] ?>
+			<?php echo h($dbData['name']) ?>
 		<?php endif ?>
 	</div>
 	<div class="bs-blog-comment__list-item-message">
diff --git a/lib/Baser/Plugin/Blog/View/Elements/blog_comments_scripts.php b/lib/Baser/Plugin/Blog/View/Elements/blog_comments_scripts.php
@@ -11,7 +11,7 @@
 	'data-alertMessageComplate' => __('コメントの送信が完了しました。'),
 	'data-alertMessageError' => __('コメントの送信に失敗しました。入力内容を見なおしてください。'),
 ]); ?>
-<div id="BaseUrl" style="display: none"><?php echo $this->request->base; ?></div>
+<div id="BaseUrl" style="display: none"><?php echo h($this->request->base); ?></div>
 
 <script>
 	authCaptcha = <?php echo $blogContent['BlogContent']['auth_captcha'] ? 'true' : 'false'; ?>;
