techjoomla · deepa-g · May 7, 2019 · May 8, 2019 · May 15, 2019 · May 15, 2019
diff --git a/src/com_tjvendors/admin/views/vendor/tmpl/update.php b/src/com_tjvendors/admin/views/vendor/tmpl/update.php
@@ -62,10 +62,10 @@
 						?>
 						</div>
 
-						<input type="hidden" name="jform[vendor_logo]" id="jform_vendor_logo_hidden" value="<?php echo $this->item->vendor_logo; ?>" />
+						<input type="hidden" name="jform[vendor_logo]" id="jform_vendor_logo_hidden" value="<?php echo htmlspecialchars($this->item->vendor_logo, ENT_COMPAT, 'UTF-8'); ?>" />
 						<?php if (!empty($this->item->vendor_logo)) : ?>
 							<div class="control-group">
-								<div><img src="<?php echo JUri::root() . $this->item->vendor_logo; ?>" class="span3 col-md-3 img-thumbnail pull-left marginb10 img-polaroid"></div>
+								<div><img src="<?php echo JUri::root(true) . htmlspecialchars($this->item->vendor_logo, ENT_COMPAT, 'UTF-8'); ?>" class="span3 col-md-3 img-thumbnail pull-left marginb10 img-polaroid"></div>
 							</div>
 						<?php endif;
 					?>

diff --git a/src/com_tjvendors/site/controllers/vendor.php b/src/com_tjvendors/site/controllers/vendor.php
@@ -1,10 +1,11 @@
 <?php
 /**
- * @version    CVS: 1.0.0
- * @package    Com_Tjvendors
- * @author     Parth Lawate <contact@techjoomla.com>
- * @copyright  2016 Parth Lawate
- * @license    GNU General Public License version 2 or later; see LICENSE.txt
+ * @package     TJVendors
+ * @subpackage  com_tjvendors
+ *
+ * @author      Techjoomla <extensions@techjoomla.com>
+ * @copyright   Copyright (C) 2009 - 2019 Techjoomla. All rights reserved.
+ * @license     http://www.gnu.org/licenses/gpl-2.0.html GNU/GPL
  */
 
 // No direct access

diff --git a/src/com_tjvendors/site/views/vendor/tmpl/default.php b/src/com_tjvendors/site/views/vendor/tmpl/default.php
@@ -35,7 +35,7 @@
 			{
 			?>
 				<div class="controls col-sm-3 center">
-					<img  src="<?php echo JUri::root() . $this->VendorDetail->vendor_logo; ?>" width="100%">
+					<img  src="<?php echo JUri::root(true) . htmlspecialchars($this->VendorDetail->vendor_logo, ENT_COMPAT, 'UTF-8'); ?>" width="100%">
 				</div>
 		<?php
 			}

diff --git a/src/com_tjvendors/site/views/vendor/tmpl/profile.php b/src/com_tjvendors/site/views/vendor/tmpl/profile.php
@@ -69,7 +69,7 @@
 										<div class="form-group">
 											<div class="row">
 												<div class="col-xs-12 col-sm-10 col-md-7">
-													<img class="img-responsive" src="<?php echo JUri::root() . $this->vendor->vendor_logo; ?>">
+													<img class="img-responsive" src="<?php echo JUri::root() . htmlspecialchars($this->vendor->vendor_logo, ENT_COMPAT, 'UTF-8'); ?>">
 												</div>
 											</div>
 										</div>
@@ -96,7 +96,7 @@
 										</div>
 									</div>
 								</div>
-								<input type="hidden" name="jform[vendor_logo]" id="jform_vendor_logo_hidden" value="<?php echo $this->vendor->vendor_logo ?>" />
+								<input type="hidden" name="jform[vendor_logo]" id="jform_vendor_logo_hidden" value="<?php echo htmlspecialchars($this->vendor->vendor_logo, ENT_COMPAT, 'UTF-8'); ?>" />
 							</fieldset>
 						</div>
 						<!----Tab 1 End----->