fix: missing escape on ACP category backgroundImage property

2025-11-02 03:55:55 +01:00 · 2022-09-02 12:30:55 -04:00
parent 61d1e9e0d4
commit 67cb70352f
1 changed files with 1 additions and 1 deletions
--- a/src/categories/data.js
+++ b/src/categories/data.js
@@ -86,7 +86,7 @@ function modifyCategory(category, fields) {

 	db.parseIntFields(category, intFields, fields);

-	const escapeFields = ['name', 'color', 'bgColor', 'imageClass', 'class', 'link'];
+	const escapeFields = ['name', 'color', 'bgColor', 'backgroundImage', 'imageClass', 'class', 'link'];
 	escapeFields.forEach((field) => {
 		if (category.hasOwnProperty(field)) {
 			category[field] = validator.escape(String(category[field] || ''));