views: escape piwik host and siteId to prevent XSS

Fixes CVE-2018-11352

Signed-off-by: Kevin Decherf <kevin@kdecherf.com>
This commit is contained in:
Kevin Decherf 2018-09-23 22:46:09 +02:00
parent 8013f35d96
commit 66697b29b9

View file

@ -69,7 +69,7 @@
{% block footer %}{% endblock %} {% block footer %}{% endblock %}
{% if craue_setting('piwik_enabled') %} {% if craue_setting('piwik_enabled') %}
{{ piwik(craue_setting('piwik_host'), craue_setting('piwik_site_id')) }} {{ piwik(craue_setting('piwik_host')|e('html_attr'), craue_setting('piwik_site_id')|e('html_attr')) }}
{% endif %} {% endif %}
</body> </body>
</html> </html>