From 1f409ec524c86570f8d4755f95789e1c0f149190 Mon Sep 17 00:00:00 2001
From: Tom Needham <needham.thomas@gmail.com>
Date: Thu, 7 Jun 2012 17:43:26 +0000
Subject: [PATCH] Protect the help page

---
 settings/templates/help.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/settings/templates/help.php b/settings/templates/help.php
index a53ec76d68..cf61207e60 100644
--- a/settings/templates/help.php
+++ b/settings/templates/help.php
@@ -26,9 +26,9 @@
 	<?php foreach($_["kbe"] as $kb): ?>
 	<div class="helpblock">
 		<?php if($kb["preview1"] <> "") { echo('<img class="preview" src="'.$kb["preview1"].'" />'); } ?>
-		<?php if($kb['detailpage']<>'') echo('<p><a target="_blank" href="'.$kb['detailpage'].'"><strong>'.$kb["name"].'</strong></a></p>');?>
-		<p><?php echo $kb['description'];?></p>
-		<?php if($kb['answer']<>'') echo('<p><strong>'.$l->t('Answer').':</strong><p>'.$kb['answer'].'</p>');?>
+		<?php if($kb['detailpage']<>'') echo('<p><a target="_blank" href="'.$kb['detailpage'].'"><strong>'.htmlentities($kb["name"]).'</strong></a></p>');?>
+		<p><?php echo htmlentities($kb['description']);?></p>
+		<?php if($kb['answer']<>'') echo('<p><strong>'.$l->t('Answer').':</strong><p>'.htmlentities($kb['answer']).'</p>');?>
 	</div>
 	<?php endforeach;
 endif?>
-- 
GitLab