From: Matthias Schmidt
Date: Sun, 6 Sep 2020 12:48:10 +0000 (+0200)
Subject: Disallow `href` attribute for `user` template plugin
X-Git-Tag: 5.3.0_Alpha_1~4
X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=834133f7d3b564198dc2a6d79630eb9a2f8629f4;p=GitHub%2FWoltLab%2FWCF.git

Disallow `href` attribute for `user` template plugin
---

diff --git a/wcfsetup/install/files/lib/system/template/plugin/UserFunctionTemplatePlugin.class.php b/wcfsetup/install/files/lib/system/template/plugin/UserFunctionTemplatePlugin.class.php
index 5b56dd2c52..0b85635392 100644
--- a/wcfsetup/install/files/lib/system/template/plugin/UserFunctionTemplatePlugin.class.php
+++ b/wcfsetup/install/files/lib/system/template/plugin/UserFunctionTemplatePlugin.class.php
@@ -80,6 +80,10 @@ class UserFunctionTemplatePlugin implements IFunctionTemplatePlugin {
 }
 }
+ if (isset($tagArgs['href'])) {
+ throw new \InvalidArgumentException("'href' attribute is not allowed.");
+ }
+
 $append = '';
 if (isset($tagArgs['append'])) {
 $append = $tagArgs['append'];
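Review bot: The new guard `isset($tagArgs['href'])` matches only the exact lowercase key, while HTML attribute names are case-insensitive, so an argument spelled `HREF` or `Href` would pass it. If the remaining `$tagArgs` are later written out as attributes of the generated link (not visible in this hunk), the restriction would not hold for those spellings. Unless the template compiler already lowercases argument names, test a normalised key instead, e.g. `if (array_key_exists('href', array_change_key_case($tagArgs, CASE_LOWER))) {`, which also rejects an `href` whose value is `null`. A one-line comment above the check stating why `href` is rejected (presumably because the plugin produces the link target itself) would help the next reader. The enclosing method starts and ends outside the hunk.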