From c3e2ce4f87f528588236c9380a154e8de08fc135 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Kyra=20=E3=83=84?= <KyraD@users.noreply.github.com>
Date: Mon, 18 Aug 2014 20:55:18 -0400
Subject: [PATCH] Fix XSS Vulnerability In "tpl.inc.php"

Another area was also outputting the unsanitized value.
---
 include/staff/tpl.inc.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/include/staff/tpl.inc.php b/include/staff/tpl.inc.php
index 9faa9d33b..139049c0a 100644
--- a/include/staff/tpl.inc.php
+++ b/include/staff/tpl.inc.php
@@ -108,7 +108,7 @@ $tpl=$msgtemplates[$selected];
     <input type="hidden" name="draft_id" value=""/>
     <textarea name="body" cols="21" rows="16" style="width:98%;" wrap="soft"
         data-toolbar-external="#toolbar"
-        class="richtext draft" data-draft-namespace="tpl.<?php echo $selected; ?>"
+        class="richtext draft" data-draft-namespace="tpl.<?php echo Format::htmlchars($selected); ?>"
         data-draft-object-id="<?php echo $tpl_id; ?>"><?php echo $info['body']; ?></textarea>
 </div>
 
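Review bot: The context line directly below the fixed attribute still echoes `$tpl_id` into `data-draft-object-id` and `$info['body']` into the textarea content with no encoding at the point of output. Whether either value is already encoded or constrained upstream is not visible in this hunk, so check that before changing anything, especially for `$info['body']`, where a second encoding pass would corrupt the draft text. If `$tpl_id` is not guaranteed to be numeric, the same treatment applies: `data-draft-object-id="<?php echo Format::htmlchars($tpl_id); ?>"`. Because the hunk header shows `$selected` being used as an index into `$msgtemplates`, rejecting any value that is not a key of that array before rendering would cover every remaining output of it at once; the commit message itself says an earlier fix missed this sink. The template continues outside the hunk, so other echoes of `$selected` may exist that are not shown here.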
-- 
GitLab