Skip to content
Snippets Groups Projects
Commit 1caeea6a authored by Marius Burkard's avatar Marius Burkard
Browse files

- fixed missing htmlentities on formtype SELECT in list entries

parent 7ed34ac5
No related branches found
No related tags found
2 merge requests!700Ported XSS vulnerability fixes from stable branch,!699Fixed XSS vulnerabilities
Hide whitespace changes
Inline Side-by-side
interface/lib/classes/listform_actions.inc.php
+ 1
1
View file @ 1caeea6a
......@@ -180,7 +180,7 @@ class listform_actions {
$rec['_'.$key.'_'] = (strtolower($rec[$key]) == 'y')?'x16/tick_circle.png':'x16/cross_circle.png';
}
//* substitute value for select field
$rec[$key] = @$field['value'][$rec[$key]];
$rec[$key] = $app->functions->htmlentities(@$field['value'][$rec[$key]]);
}
}
}
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment