Diffstat (limited to '3421ff97909c794839a731e68eb8910a8dea7cc2.patch')
-rw-r--r--3421ff97909c794839a731e68eb8910a8dea7cc2.patch21
1 files changed, 21 insertions, 0 deletions
diff --git a/3421ff97909c794839a731e68eb8910a8dea7cc2.patch b/3421ff97909c794839a731e68eb8910a8dea7cc2.patch
new file mode 100644
index 0000000..6c39d87
--- /dev/null
+++ b/3421ff97909c794839a731e68eb8910a8dea7cc2.patch
@@ -0,0 +1,21 @@
+From 3421ff97909c794839a731e68eb8910a8dea7cc2 Mon Sep 17 00:00:00 2001
+From: Johan Cwiklinski <jcwiklinski@teclib.com>
+Date: Thu, 1 Mar 2018 09:26:04 +0100
+Subject: [PATCH] Escape get keys to prevent possible xss
+
+---
+ inc/html.class.php | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/inc/html.class.php b/inc/html.class.php
+index a985db5250..bcf1ab4c0c 100644
+--- a/inc/html.class.php
++++ b/inc/html.class.php
+@@ -4096,6 +4096,7 @@ static function printCleanArray($tab, $pad=0,$jsexpand=false) {
+ echo "<tr><th>KEY</th><th>=></th><th>VALUE</th></tr>";
+
+ foreach ($tab as $key => $val) {
++ $key = Toolbox::clean_cross_side_scripting_deep($key);
+ echo "<tr class='tab_bg_1'><td class='top right'>";
+ echo $key;
+ $is_array = is_array($val);
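Review bot: The added line overwrites the loop variable `$key` instead of escaping at the `echo $key;` two lines below, so any later use of `$key` in the loop body (which continues past this hunk) also receives the altered value, and the protection depends on what `Toolbox::clean_cross_side_scripting_deep()` escapes, which is not visible here. Encoding at the sink keeps the fix tied to the HTML context and leaves the original key intact: `echo htmlspecialchars((string)$key, ENT_QUOTES, 'UTF-8');`. The hunk ends at `$is_array = is_array($val);`, so how scalar `$val` is printed cannot be seen; if it is echoed without encoding, the same problem would remain for values, and that is worth confirming in the rest of `printCleanArray`.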