From 224a5ae4bcfeac770c12a6b1143b712cfa00b815 Mon Sep 17 00:00:00 2001
From: Craig Knudsen
Date: Tue, 30 Jan 2024 23:26:44 -0500
Subject: [PATCH] Fix XSS for report name
---
edit_report.php | 2 +-
report.php | 7 ++++---
2 files changed, 5 insertions(+), 4 deletions(-)
diff --git a/edit_report.php b/edit_report.php
index c01e91d79..ec18cbbf4 100644
--- a/edit_report.php
+++ b/edit_report.php
@@ -216,7 +216,7 @@ function print_options ( $textarea, $option ) {
'; + 'maxlength="50" value="' . htmlentities($report_name) . '">'; if ( $show_participants ) { echo '
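Review bot: The added `htmlentities($report_name)` relies on the function's default flags, which only encode single quotes from PHP 8.1 onward (older versions default to `ENT_COMPAT` and do not substitute invalid byte sequences). The `value="…"` attribute on this line is double-quoted, so the escaping holds here, but the same bare call is applied to `$rep_name` in the second report.php hunk, where the markup that receives the value is not visible. Passing the flags explicitly removes the version dependence, e.g. `htmlspecialchars($report_name, ENT_QUOTES | ENT_SUBSTITUTE)`. In report.php, `htmlentities($unnamesStr)` will double-encode any entities a translation already contains; this is inferred, since the translation strings are not shown. The enclosing `echo` statement starts and ends outside this hunk.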
diff --git a/report.php b/report.php index 62b1ba6bb..e4e95d54f 100644 --- a/report.php +++ b/report.php @@ -110,6 +110,7 @@ function event_to_text ( $event, $date ) { } else $id = $event->getID(); + $name_str = $description_str = ''; if ( $tempAcc == 'R' ) { if ( ( $login != $user && strlen ( $user ) ) || ( $login != $tempLog && strlen ( $tempLog ) ) ) { @@ -237,9 +238,9 @@ function event_to_text ( $event, $date ) { $addStr = translate ( 'Add new report' ); $unnamesStr = translate ( 'Unnamed Report' ); while ( $row = dbi_fetch_row ( $res ) ) { - $rep_name = trim ( $row[1] ); + $rep_name = htmlentities(trim($row[1])); if ( empty ( $rep_name ) ) - $rep_name = $unnamesStr; + $rep_name = htmlentities($unnamesStr); $list .= '